Kaspersky Lab speaks about the emergence of fake hardware wallets
Experts urged to buy devices only from trusted dealers
15.05.2023 - 16:00
425
3 min
0
What’s new? Kaspersky Lab described a case of hardware cryptocurrency wallet forgery, from which attackers withdrew 1,33 BTC ($29 585 at the time of research). It is reported that on the day of the theft, the owner did not make any transactions, and the device was disconnected from the Internet and was lying in a safe. Upon opening the wallet for analysis, experts found signs of modification. They concluded that the victim had bought a device that had already been hacked, and urged to buy only from trusted dealers.
How was the wallet changed? Kaspersky Lab found that instead of ultrasonic welding the wallet halves were filled with glue and fastened with double-sided adhesive tape. Also, another microcontroller with modified firmware and bootloader was installed instead of the original one. In this, at the time of purchase factory packaging and holographic stickers looked intact and did not arouse the victim’s suspicions.
The experts found out that the scammers had made three modifications to the hardware wallet: the control of security mechanisms was removed and at the stage of initialization or upon device reset the randomly generated seed phrase was replaced by one of 20 pre-created and saved in the fraudulent firmware. The third modification was that if the owner set an additional password to protect the master key, only the first character was used. Thus, attackers had to try a total of 1280 variants in order to find a password to a particular fake wallet.
Как надежно хранить криптовалюту. Выбираем лучшие криптокошельки 2023 года
Подробно разбираем все типы криптовалютных кошельков, а также выбираем лучшие хранилища для цифровых активов, исходя из потребностей каждого отдельного пользователя
Stanislav Golovanov, a cybersecurity expert at Kaspersky Lab, noted that although hardware wallets are considered one of the safest ways to store cryptocurrency, attackers have found a way to withdraw funds from them — selling infected or fake devices. He stressed that such attacks can be avoided by buying devices only from official and trusted sellers to minimize risks.
Earlier, Kaspersky Lab described a new fraud scheme in which users were offered to invest in “Russian state cryptocurrency” on behalf of some regulator.
Useful material?
Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024
Market
The company predicts that the rate of the first cryptocurrency will grow to $200 000 by the end of next year
Nov 11, 2024