If you want to send money to someone on the internet, you need to know their receiving address. Unlike OneKey devices, computers are not necessarily secure, and the address displayed on your screen could potentially be maliciously altered. It is certain that you should always verify the receiving address on your OneKey device screen. For added security, we also recommend using an additional second channel (such as SMS, phone, or face-to-face meetings) to confirm the recipient's address.
OneKey Shutdown
We have no such plans, and if we have to shut down operations, there's no need to worry. OneKey is compatible with other wallets that support BIP32, BIP39, and BIP44. Since our code is publicly available, developers from around the world can maintain it and add new features. In extreme cases (though not recommended), you can also use the recovery mnemonic to restore your funds in different wallets.
Brute-force Attack on OneKey PIN
Your OneKey device is protected by a PIN. If a good PIN is chosen, it would require hundreds of thousands of attempts to guess correctly.
- After 10 failed attempts, the device will automatically erase itself.
Refreshing OneKey Device with Malicious Firmware
The official OneKey firmware is signed with the master key of our team. You can install unofficial firmware on your OneKey device, but doing so will erase the device's storage and display a warning at each startup. Be extra careful and ensure that the OneKey packaging is unopened and that the tamper-proof hologram is intact and in place.
Evil Maid Attack – Replacing OneKey Device with Fake Devices
Malicious third parties may steal your OneKey and replace it with a counterfeit product. If a wireless transmitter is embedded, the counterfeit device can transmit any PIN it receives. The attacker would then have full access to your funds. If you are concerned about such attacks, it is best to sign the back of your OneKey with a permanent marker. Don’t forget to check the signature each time you use it. You can also set a unique image that is difficult to replicate or counterfeit as your custom home screen. It is particularly noteworthy that for the OneKey Mini, the device chassis is sealed with ultrasonic welding, making it nearly impossible to open the device without damaging the casing.
Theft of User's Computer
If a user's computer is stolen, it does not affect the security of their funds. The OneKey device can be used with different computers. Without the OneKey device itself, it is impossible to transfer your cryptocurrency assets from a stolen computer.
Attacking OneKey Servers
OneKey takes security very seriously, so this option is highly unlikely. Additionally, you can set up your own custom backend, which means you can use the OneKey app without relying on OneKey servers.
Running Recovery Process on Infected Computer
On OneKey hardware wallets, the mnemonic phrase is always entered directly on the device itself, so there is no danger of keylogging from an infected computer.