Fault injection, also known as ‘glitching,’ is a process to intentionally cause a system to misbehave in a way that is beneficial to an attacker. This technique is commonly used to defeat a microcontroller’s security mechanism, which is intended to protect access to its debug interface and/or internal memory/data.

The Trezor One is a popular hardware wallet designed to store a user’s cryptocurrency private key. If an attacker is able to extract that private information, they will be able to access the user’s cryptocurrency. The Trezor One features an ST Microelectronics STM32F2-series microcontroller that is known to be vulnerable to glitching.

This story follows our journey as we aim to hack a Trezor One and recover $2 million worth of cryptocurrency.

• Video: How I hacked a hardware crypto wallet and recovered $2 million (YouTube)
• Article: Cracking a $2 million crypto wallet (The Verge)
• Article: I had $2 million dollars in crypto locked on a wallet (Dan Reich)
• Slides: That time I hacked a hardware wallet… (Revised March 27, 2022)
• Source Code (Python w/ Jupyter Notebook + OpenOCD) (Revised January 13, 2022)