Kaspersky Lab reports the emergence of fake hardware wallets
Experts urge users to buy devices only from trusted dealers
15.05.2023 - 16:00
What’s new? Kaspersky Lab described a case involving a counterfeit hardware cryptocurrency wallet from which attackers withdrew 1.33 BTC ($29,585 at the time of the research). According to the report, the owner made no transactions on the day of the theft, and the device was disconnected from the Internet and lying in a safe. After opening the wallet for analysis, experts found signs of modification. They concluded that the victim had bought a device that had already been hacked, and urged users to buy only from trusted dealers.
How was the wallet changed? Kaspersky Lab found that, instead of being joined by ultrasonic welding, the wallet halves were filled with glue and fastened with double-sided adhesive tape. In addition, the original microcontroller had been replaced by another one with modified firmware and a modified bootloader. At the time of purchase, however, the factory packaging and holographic stickers looked intact and did not arouse the victim’s suspicions.
The experts found that the scammers had made three modifications to the hardware wallet. First, the control of security mechanisms was removed. Second, at the initialization stage or upon device reset, the randomly generated seed phrase was replaced by one of 20 phrases created in advance and stored in the fraudulent firmware. Third, if the owner set an additional password to protect the master key, only its first character was used. As a result, attackers had to try a total of 1280 variants to find the password to a particular fake wallet.
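The seed and password modifications described above can each be probed by the owner of a newly bought device. The following Python sketch is an added example, not code from Kaspersky Lab or from any wallet vendor. It assumes the wallet follows the standard BIP-39 seed derivation and that the tampered firmware picks uniformly among its stored phrases; `truncating_seed` is a hypothetical model of the tampering, and the probe passphrases are constructed values.

```python
import hashlib
import unicodedata

# Public BIP-39 test mnemonic, used here as constructed sample input (never for funds).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)

def truncating_seed(mnemonic: str, passphrase: str) -> bytes:
    """Hypothetical model of the tampered firmware: only the first passphrase character counts."""
    return bip39_seed(mnemonic, passphrase[:1])

def passphrase_is_truncated(derive, mnemonic: str) -> bool:
    """Two passphrases that share only their first character must yield different wallets.
    On a real device, compare the first receive address instead of the raw seed."""
    return derive(mnemonic, "k-constructed-probe-1") == derive(mnemonic, "k-constructed-probe-2")

def repeat_probability(pool_size: int, resets: int) -> float:
    """Chance that at least two of `resets` initialisations show the same phrase,
    assuming the firmware picks uniformly from `pool_size` stored phrases."""
    p_all_unique = 1.0
    for i in range(resets):
        p_all_unique *= max(pool_size - i, 0) / pool_size
    return 1.0 - p_all_unique

if __name__ == "__main__":
    print("honest derivation truncates:  ", passphrase_is_truncated(bip39_seed, SAMPLE_MNEMONIC))
    print("tampered derivation truncates:", passphrase_is_truncated(truncating_seed, SAMPLE_MNEMONIC))
    for n in (3, 6, 10):
        print(f"{n} resets, pool of 20: repeat seen with p={repeat_probability(20, n):.2f}")
    print(f"10 resets, 128-bit RNG: p={repeat_probability(2**128, 10):.1e}")
```

Any seed phrase that repeats across resets, or two passphrases with a shared first character that open the same wallet, means the device should not be trusted with funds.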
Stanislav Golovanov, a cybersecurity expert at Kaspersky Lab, noted that although hardware wallets are considered one of the safest ways to store cryptocurrency, attackers have found a way to withdraw funds from them — selling infected or fake devices. He stressed that such attacks can be avoided by buying devices only from official and trusted sellers to minimize risks.
Earlier, Kaspersky Lab described a new fraud scheme in which users were invited to invest in a “Russian state cryptocurrency” on behalf of some regulator.