At the RE//verse 2026 conference, security researcher Markus "Doom" Gaasedelen unveiled what he calls the "Bliss" double glitch, a voltage-based exploit that entirely undermines Microsoft's most fortified console platform. For over a decade, the original Xbox One has been treated as an impenetrable fortress in console security. Just as the Xbox 360 famously fell to the Reset Glitch Hack (RGH), the Xbox One has now fallen to Voltage Glitch Hacking (VGH).
This is a watershed moment in console history, yet it comes with important caveats. This only works on original Xbox One consoles, so the Xbox One S and Xbox One X systems remain impenetrable (for now). The attack also demands physical access, custom hardware, and nanosecond-level precision that places it far outside the reach of casual users.
How the Exploit Works
Gaasedelen turned to voltage glitching, a fault injection method that physically disturbs the CPU's power rail for fractions of a second. By briefly collapsing voltage at critical execution moments, it becomes possible to make the processor skip or misinterpret instructions, opening tiny windows of opportunity. The Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was setup. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.
Gaasedelen couldn't 'see' into the Xbox One, so had to develop new hardware introspection tools. This speaks to the technical depth required. Even a nanosecond's difference can change the result from a successful bypass to a system crash. The success rate is roughly one in a million attempts and may require days of continuous runs, making widespread jailbroken consoles highly unlikely.
Why Microsoft Can't Patch It
As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack in unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted. The vulnerability sits in immutable code etched into the chip itself, not in updateable firmware.
When the Xbox One launched in 2013, Microsoft had engineered what many in the security community described as a near-impenetrable hardware platform. The company integrated multiple layers of encryption and authentication, binding CPU firmware, operating system, and game binaries together through a tightly controlled chain of trust. Yet that engineering triumph becomes irrelevant once someone can manipulate the voltage at the right moment.
Preservation Over Piracy
Here's where the narrative matters. Gaasedelen was explicit about his intent. He said "I haven't played games in years," and added that he did not come back to hack the Xbox One to "pirate a few games." Instead, he explained the work around preservation and repairability.
Once exploited, the system can load arbitrary operating systems or reveal encrypted firmware, making private keys and protected software accessible for study or preservation. For researchers and archivists, this opens unprecedented opportunities to document the Xbox One's internals, fully understand its architecture, and accurately emulate its environment in software. Motherboards with corrupted NANDs, previously considered permanent paperweights, can now be fully restored and reprogrammed using this exploit. If a drive laser or motor fails, replacing the drive traditionally requires transferring the physical controller board. With this exploit, the pairing can be decoupled, allowing for easy hardware swapping or even optical drive emulation.
For Microsoft, the practical threat is limited. The Xbox One, now a legacy platform, has largely been replaced by newer systems with updated security architectures inherited from the same design lineage. Later revisions, the Xbox One S, the Xbox One X, and the current-generation Series S/X, feature a dual-core security architecture, separating the reset processor from the security processor, effectively thickening the armour.
What This Means
The deeper lesson is less about this particular console and more about the nature of security itself. The Bliss exploit reminds the industry that "unhackable" is never forever, even when the barrier lies in hardware. Microsoft did what most organisations would consider stellar security work. They built redundancy, compartmentalisation, and cryptographic verification at every level. And yet, given enough time, specialist knowledge, and custom hardware, it fell.
For a console that outsold the PlayStation 4 and spent most of its life as a commercial disappointment, the Xbox One's security legacy is genuinely impressive. But Gaasedelen's work shows that legacy hardware, once abandoned by manufacturers, eventually becomes vulnerable to determined researchers. That's not a failure of engineering so much as an observation about the transience of all security measures.