吴说区块链|7月 03, 2026 06:55
According to WuShuo, Keystone announced that during a joint security audit with OneKey Anzen in March 2026, the OneKey Anzen team discovered a security issue in the USB SDK provided by the MCU supplier used in the Keystone 3 Pro. Under specific conditions—such as an attacker physically obtaining the device, acquiring the unlock PIN, connecting via USB, and gaining device authorization—it’s possible to execute custom code on the MCU, potentially threatening user asset security. Keystone stated that the issue was fixed with the release of firmware V2.4.0 on April 1 and that the USB SDK bug has been reported to the MCU supplier. Keystone advises users to update their firmware promptly, safeguard their devices and PIN codes, prioritize air-gapped methods like QR codes for transaction signing, and reject abnormal USB authorization requests.
https://(wublock123.com)/news/keystone-and-onekey-anzen-disclose-fix-keystone-3-pro-usb-sdk-vuln-63955
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink