Common Security Threats

If you want to make a payment to someone over the Internet, you need to know their payee address. Unlike OneKey devices, computers are not always secure, and the address displayed on your screen can be maliciously altered.

To be sure, always check the payout address on your OneKey device screen. For added security, we also recommend using an additional second channel (such as a text message, phone call, or face-to-face meeting) to confirm the recipient's address.

Never give your recovery seeds to anyone, and never enter them anywhere in order from the first word to the last.


Brute Force Cracking of OneKey PIN

Your OneKey device is protected by a PIN. If a good PIN is chosen, it will take hundreds of thousands of attempts to get it right.

  • After 10 failed attempts, the device will automatically erase itself.


Flashing OneKey devices with malicious firmware

The official OneKey firmware is signed by our team's master key. You can install unofficial firmware on OneKey devices, but doing so will erase device storage and display a warning every time you boot.

Use extreme caution and make sure the OneKey package is unopened and the tamper-proof hologram is intact and in place.


Evil Maid Attack - Replacing OneKey Devices with Fake Ones

A malicious third party could steal your OneKey and replace it with a counterfeit product. If a wireless transmitter is embedded, the counterfeit device can transmit any PIN it receives. The attacker will then have full access to your funds.

If you are concerned about such an attack, it is a good idea to sign the back of your OneKey with a permanent pen. Don't forget to check the signature before each use. You can also set up a custom home screen with a unique image that is difficult to copy or forge.

As a special note, with the OneKey Mini, the device chassis is sealed with ultrasonic welding, making it nearly impossible to open the device without damaging the case.


Stealing the user's computer

If a user's computer is stolen, it does not affect the security of their funds. The OneKey device can be used with a different computer. Without the OneKey device itself, it is not possible to access the user's funds from the stolen computer.


Attacking OneKey Servers

OneKey takes security very seriously, so this option is extremely unlikely. In addition, you can set up your own custom backend, which means you can use the OneKey App without relying on the OneKey server.


OneKey closes down

There are no such plans, as we love cryptocurrencies, but even if we had to close, there is nothing to worry about. OneKey is compatible with other BIP32, BIP39 and BIP44 compatible wallets. Since our code is publicly available, developers from all over the world can maintain it and add new features. In extreme cases (although this is not recommended), it is also possible to use the recovery helper to restore your funds in different wallets.
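
The compatibility described above follows from BIP39 and BIP32 being public, vendor-independent derivations. The Python below is an added example, not OneKey's code: it derives the BIP39 seed and the BIP32 master key the way any compatible wallet does. The function names are hypothetical and the mnemonic is the published BIP39 test vector, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP32 rejects master keys outside [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Published BIP39 test vector (constructed sample input, holds no funds).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048)."""
    # Collapsing stray whitespace is a convenience added here, not part of BIP39.
    words = " ".join(mnemonic.split())
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes):
    """BIP32: split HMAC-SHA512("Bitcoin seed", seed) into (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    # BIP32 declares the seed unusable if the key is 0 or >= the curve order.
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("invalid master key; BIP32 requires a different seed")
    return key, chain_code


if __name__ == "__main__":
    seed = bip39_seed(TEST_MNEMONIC, "TREZOR")
    key, chain_code = bip32_master(seed)
    print("seed      :", seed.hex())
    print("chain code:", chain_code.hex())
```

The same words with a different passphrase yield an unrelated seed, which is why a restore in another wallet needs both the words and any passphrase that was set.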


Running the recovery process on an infected computer

On OneKey, recovery helpers are always typed on the device itself, so there is no risk of keylogging by an infected computer.
