How to safely wipe a USB flash drive

To quote the ISM (Australia's military standards for cyber security).

Security Control: 0359; In flash memory media, a technique known as wear levelling ensures that writes are distributed evenly across each memory block. This feature necessitates flash memory being overwritten with a random pattern twice as this helps ensure that all memory blocks are overwritten.

This means that if you select a secure delete function such as DoD 5220.22M, you will need to run it twice (note that this method only writes randomly through one pass). If you do this it will mean that your data should be safe from the average attacker, however if your USB contains the Colonel's Secret Recipe, or evidence of you committing a serious crime, refer again to the ISM:

Security Control: 0360; Following sanitisation, highly classified non-volatile flash memory media retains its classification

In other words Destroy it with fire and spread its ashes to the 4 corners of the globe.

If you don't have anything as valuable as I stated above don't listen to the paranoid people on here about how you can never sanitse it, as frankly no one will have the resources to retrieve the data, unless it is a Nation State or a Global Conglomerate.

You may also be interested in NIST SP800-88 Which is American Guidelines for Sanitisation, although I like the ISM as it is much more succinct.

Next time you're about to put sensitive data on a flash drive, consider encrypting it first! Strongly encrypted data is useless without the key, and if you securely erase the drive first, all that will be left is an occasional sector of such encrypted data surviving due to wear leveling.

If you're still unsatisfied by this technique because there's a small probability that (a) a meaningful chunk of data survives and (b) the adversary will be able to read it out and (c) decrypt it, consider that physical destruction may not destroy the data definitely: there will be a chance that one night you will sleepwalk to a potential adversary and sleeptalk the data to them.

Edit addressing some of the comments: consumer-grade flash storage does have over-provisioning, e.g. SanDisk microSD Product Manual tells it's an intrinsic function in their products. And this over-provisioning is much more significant that the difference between 1GB and 1GiB, in fact, the ability to use low-grade flash wafers is why the flash storage is so cheap. On such wafers, 5% to 10% of the cells are stillborn, and a few others will only last a few write cycles, while a decent flash card or thumb drive is typically specced to survive 100-500 complete overwrites.

Furthermore, the chance of a random sector to survive N full overwrites (assuming 15% over-provisioning) is not 0.15^N. Wear leveling is nowhere near uniform write distribution, in fact, if a file stays on the flash drive for a long time while other content is written/removed/overwritten, sectors allocated to that file will have significantly less writes done to them, so they may be overwritten every single time during subsequent full-disk overwrites. Additionally, wear leveling is not based exclusively on write count, but also on the number of correctable errors in a sector. If a sector containing sensitive data exceeds such correctable error threshold, it will never be written to again, so the data in it will be there no matter how many times you overwrite the disk.

A quick check at amazon.com shows 64GB USB drives in non-designer cases go for about $20. Less if you buy in bulk.

Since you want "quick and efficient" lets factor in the time needed to overwrite the drive at least twice, and maybe running a drive scanner to verify the erasure. And then remembering to do it each time.

A quick check of homedepot.com shows a propane torch goes for $20, and that's the fancy model with the built-in igniter. Replacement tanks of propane are $4, and will melt quite a few usb drives.

So, take the drive and open it with either pliers or a hammer. A door jamb also works. Pull out the circuit board, go out to the parking lot and incinerate it.

meowcat mentioned this along with the military classification bit - he wasn't making a funny. From a security perspective, nothing ever gets recovered from a melted blob of plastic (semiconductors fail completely at far lower temperatures than a propane torch can provide). From an economic perspective, buying a new one is cheaper than your time to wipe and verify the old one. Same with SSD in retired laptops and spinning drives - physical destruction is quicker, cheaper and more reliable than software solutions.

30 years ago drives were much more expensive, and a lot smaller. A 7 times overwrite to recycle the hardware made much more sense back then - not any more.