Trezor One Fault Injection
Fault injection, also known as ‘glitching,’ is a process to intentionally cause a system to misbehave in a way that is beneficial to an attacker. This technique is commonly used to defeat a microcontroller’s security mechanism, which is intended to protect access to its debug interface and/or internal memory/data.
The Trezor One is a popular hardware wallet designed to store a user’s cryptocurrency private key. If an attacker is able to extract that private information, they will be able to access the user’s cryptocurrency. The Trezor One features an ST Microelectronics STM32F2-series microcontroller that is known to be vulnerable to glitching.
This story follows our journey as we aim to hack a Trezor One and recover $2 million worth of cryptocurrency.
Documentation:
- Video: How I hacked a hardware crypto wallet and recovered $2 million (YouTube)
- Article: Cracking a $2 million crypto wallet (The Verge)
- Article: I had $2 million dollars in crypto locked on a wallet (Dan Reich)
- Slides: That time I hacked a hardware wallet… (Revised March 27, 2022)
- Source Code (Python w/ Jupyter Notebook + OpenOCD) (Revised January 13, 2022)