Wu Says learned that Keystone posted that during a security audit conducted in March 2026 in cooperation with OneKey Anzen, the OneKey Anzen team discovered a security issue in the USB SDK of the MCU supplier used by Keystone 3 Pro. Under specific conditions such as the attacker physically obtaining the device, obtaining the unlock PIN, connecting via USB and obtaining device authorization, it may be possible to execute custom code on the MCU and threaten user asset security. Keystone stated that it has released firmware V2.4.0 on April 1 to fix the issue, and has reported the USB SDK bug to the MCU supplier. Keystone recommends users to update the firmware in time, protect the device and PIN code security, prioritize using air-gapped methods such as QR codes for transaction signing, and reject abnormal USB authorization requests.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned