Based on what I'm seeing under the "Bug Severity and Bounties" part of OneKey's program, I believe it means they were dealing with more than a single bug [perhaps we're not seeing the whole picture]!
Or their bug finding was so big and important that OneKey decided to pay them an extra reward to make them happy and (more silent) not so critical.
I want to see researchers like this testing all other hardware wallets, because I am sure they could earn more money.
You have a point, but the main issue is the fact that an average Joe like me doesn't have the necessary skills & knowledge to deal with such cases [unfortunately].
Average Joe probably can't do that for firmware, but luckily it's easier for developers to do it when the wallet is open source.
I would not have expected this news to come from China, to be honest. In my eyes, China is kinda a black hole if we talk about Bitcoin technology, gadgets, wallets and other tools.
Believe it or not, most of the hardware devices and chips are coming from China, so they are far from being a black hole.
We already know that Ledger is made in China (and assembled in a French village), Keystone is made in China, SafePal is made in China, and others that are less known.
OneKey is most popular hardware wallets in China; some reports say they sold over 100,000 devices.
Also, if I recall correctly, Trezor wallets have a similar problem with physical attacks. Back in the day, after the Kraken video about that vulnerability, SatoshiLabs suggested the use of a passphrase to mitigate the risk. Cannot all the Trezor-based wallets do the same?
This is totally different from Trezor devices because they still don't have any secure elements, so it's logical that there is no communication between chips.
It seems to me that the consequences of such hacks are overestimated. Hardware wallets continue to protect the security of the crypto assets of millions of users (online). For this they are needed. And if the attackers have gained physical access to the HW, then it will no longer matter whether they use the help of a hacker or a $5 wrench attack.
It doesn't have to be hackers, it can be any regular lowlife thief or government parasite agents that find or confiscate a hardware wallet.
Knowing they could hack it in one second would be a nice surprise for them, especially in China.
If I create the BEST and MOST SECURE hardware wallet on the planet. BUT I make it all closed source and remove all marking from all the chips so you can't see what they are.
Yeah, especially if you sign an NDA with your partners, and create a black-box operating system for the secure element, like some manufacturers are already doing.