What the Geekcon 2025 Live Exploits of Cypherock X1 and Jade Really Reveal

/Nov 14, 2025

Key Takeaways

Cypherock X1’s firmware integrity checks can be bypassed, allowing attackers to replace the boot firmware and inject arbitrary seed phrases into new devices.
Blockstream Jade’s PIN mechanism is vulnerable—local traffic capture can reveal the user’s PIN and allow full device takeover.
These attacks expose two fundamental weaknesses: insufficient firmware authenticity verification and insecure PIN transmission.
All OneKey devices use EAL6+ certified secure elements, ensuring mnemonics are generated and stored inside SEs and never leave the chip.
OneKey’s blind PIN input prevents PIN exposure during transmission, eliminating the risk of replay or interception.
OneKey utilizes a chain-of-trust boot process—Boardloader → Bootloader → Firmware—to resist firmware tampering, injection, or downgrade attacks.
OneKey currently achieves PQC Level 1 and is actively preparing upgrades toward Level 3–5, strengthening long-term resilience against quantum-era threats.

Introduction

Since 2024, wallet private key issues have occurred frequently, resulting in cumulative losses exceeding $855 million[2]. The most recent private key issue that caused large-scale impact was the brute-force cracking of BTC wallet private keys caused by insecure random number generation[3]. OneKey also published an article on this incident. For details, please see Unveiling the Secrets of Random Number Generation in Seed Phrases.
At the recent GEEKCON 2025 Shanghai event, we also noticed the newly disclosed hardware wallet exploitation cases. OneKey Anzen Lab has compiled the following analysis of this incident.

Vulnerability Disclosure Channel: GEEKCON 2025 Shanghai

Compromised Devices: Cypherock X1 and Blockstream Jade, totaling 2 hardware wallet models.[2]
Note: As the white hat researchers have not disclosed the complete exploitation process, the following vulnerability exploitation effects, causes, etc. are based on speculation from the on-site demonstration content. There may be deviations from the actual vulnerability effects or causes.

Target Device 1: Cypherock X1

Security Architecture of the Attacked Device: Edge-side distributed architecture, 2-of-5. Device side uses STM32L4 MCU, paired with ATECC608A SE (SE does not declare CC certification level), card side uses NXP J3H series SE (CC EAL6+ certified). The seed phrase is split into 2 fragments, encrypted and stored separately on the device and cards.
The security storage mechanism is shown in the diagram below:

image.png
Seed Phrase Recovery Mechanism:
Vulnerability Exploitation Effect: Attackers can implant arbitrary specified seed phrases into new devices by replacing firmware in the Boot. By controlling pre-installed seed phrases, they achieve the goal of stealing user assets.[2]

Target Device 2: Blockstream Jade

Device Architecture: Edge-cloud hybrid architecture, 2-of-2. Device side uses ESP32-S3 MCU, no SE, cloud side (blind oracle) architecture unknown. The seed phrase is split into 2 fragments, encrypted and stored separately on the device and cloud.
Security Storage Mechanism is shown in the diagram below:
Seed Phrase Recovery:
Vulnerability Exploitation Effect: Attackers can obtain the wallet PIN code entered by users through local packet capture. By directly unlocking the device, they achieve the goal of stealing assets.[2]

OneKey Security Measures

Device Architecture: Pure edge-side architecture, 1-of-N. Device side uses STM32 H747 MCU, THD89 SE (CC EAL6+ certified), seed phrase encrypted and stored locally.
Security Storage Mechanism is shown in the diagram below (based on OneKey Pro demonstration):

Secure Storage

As shown in the diagram above, OneKey devices (Classic 1s/Pro) all use CC EAL6+ certified secure chips to directly generate seed phrases by obtaining random numbers that meet cryptographic strength requirements, encrypt and store them in the secure chip, and under no circumstances can user seed phrase data be directly extracted from the secure chip.

PIN Transmission Security

For the security issues currently present in the two hardware wallets mentioned above, OneKey, based on the leading experience of its own security laboratory "Anzen Lab," has already considered these issues during the initial hardware design phase.

For the PIN transmission issue, to facilitate user interaction, OneKey Classic 1s provides an App-based PIN input unlock method. However, instead of using conventional encryption or hashing before transmission, it uses a more secure blind input scheme: the device displays randomly arranged numbers, and users click the corresponding positions on the App's nine-square grid, using random number positions and one-way input to simultaneously avoid replay attacks and potential PIN leakage during transmission.

Comprehensive Firmware Verification

For the issue of firmware tampering, OneKey uses a three-level chain verification and boot scheme through Boardloader, Bootloader, and firmware to resist firmware tampering risks. After the MCU powers on, the Boardloader (with OneKey's signature public key built-in) first verifies the Bootloader's signature and integrity, then the upgradeable Bootloader performs more diverse and flexible configurations (including enabling stricter MPU protection, etc.), and then verifies the signature and integrity of subsequent firmware before booting the firmware. Based on the above chain secure boot mechanism, OneKey has achieved extremely high firmware anti-tampering and anti-downgrade mechanisms, while greatly reducing the risk of stack overflow attacks through more flexible MPU protection settings (updated with firmware/Boot versions).

Post-Quantum Cryptography Readiness

Regarding the post-quantum cryptography algorithm issue (hereinafter referred to as PQC) that everyone is concerned about. First, we need to briefly explain the NIST PQC ratings, which are mainly divided into the following 6 levels:[1]

Security Level	Algorithm	Quantum Gate Count	Classical Gate Count
Level 1	AES-128	2^170/MAXDEPTH	2^143
Level 2	SHA3-256	-	2^146
Level 3	AES-192	2^233/MAXDEPTH	2^207
Level 4	SHA3-384	-	2^210
Level 5	AES-256	2^298/MAXDEPTH	2^272
-	SHA3-512	-	2^274

Notes

Quantum Gate Count: Based on Grover's algorithm for optimal key recovery attacks, limited by MAXDEPTH (circuit depth)
Classical Gate Count: Number of gate operations required for optimal classical attacks
Hash Series: Only classical gate counts are listed, as collision attacks on hash functions mainly consider classical computation
MAXDEPTH: Maximum serial depth parameter for quantum circuits, typical value range from 2^40 to 2^96

These values are benchmarks for NIST's evaluation of post-quantum cryptographic algorithm security strength, used to define thresholds for 5 security categories.

OneKey hardware wallets currently use an encrypted storage scheme in the SE that can reach Level 1 in NIST PQC ratings, which can already provide sufficient security strength for the current and near future. At the same time, we are working on providing security updates to devices that support higher PQC levels, and it is expected that the PQC security level will be upgraded to at least Level 3 or even Level 5. We are also working on PQC Ready development for firmware signature verification, so that the security level of signature verification will be simultaneously upgraded to Level 3 or Level 5. You can learn more about the adaptation status on the official website page.

References:
[1] NIST, Post-Quantum Cryptography: Security Evaluation Criteria. Available: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)
[2] GEEKCON, GEEKCON 2025 Hardware Crypto Wallet Exploitation. Available: https://geekcon.top/js/pdfjs/web/viewer.html?file=/doc/ppt/GEEKCON_2025_硬件钱包.pdf
[3] Milksad, Trust Wallet (CVE-2023-31290): https://milksad.info/updates.html