Hardware Wallets: Not Invincible Against Cybercriminals

Cybercriminals Exploit Unsuspecting Investors with Infected and Counterfeit Devices, Exposing the Vulnerabilities of 'Secure' Storage

Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming they are inviolable. However, even the most advanced hardware wallets on the market may not be fully shielded and there are still risks associated with using fake or infected devices.

- Advertisement -

Kaspersky shared the details behind the cryptocurrency theft incident involving a hardware wallet, which resulted in the loss of 1.33 BTC worth $29,585.

Hardware wallets, also known as “cold” wallets, store cryptocurrency keys on a USB stick-sized device, which must be connected to a computer to send cryptocurrency or interact with decentralized funding protocols.

These devices are generally considered more secure than “hot” wallets that are connected to the internet at all times as a result.

However, a recent Kaspersky investigation revealed a rare case of asset theft from a hardware wallet, showing how cybercriminals are devising new tactics to maximize their profits.

The victim did not make any transactions that day and the “cold” wallet was not connected to the computer. Thus, the victim did not immediately notice the theft and the scammer transferred 1.33 BTC (worth approximately $29,585) without the victim’s knowledge.

Although the copy they studied appeared identical to the original, the device showed signs of malicious tampering when they opened it.

- Advertisement -

Instead of being ultrasonically bonded together like genuine hardware wallets, each half of the device was filled with glue and held together with double-sided tape.

Additionally, the wallet had a different microcontroller with read protection mechanisms and the flash memory completely disabled, unlike the original.

This led the company’s investigators to conclude that the victim had purchased a hardware wallet that had already been infected.

- Advertisement -

The attackers made only three changes to the original bootloader firmware and the wallet itself.

They removed control of the protection mechanisms, replaced the randomly generated phrase with one of 20 predefined phrases, and used only the first character of any additional password.

This gave the attackers a total of 1,280 options to get the key to a fake wallet.

Thus, the attackers were able to carry out the operation while the dormant cryptocurrency wallet lay quietly in the owner’s safe.

The cryptocurrency wallet appeared to be functioning as usual, but from the beginning, the fraudsters were in complete control of it.

“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to profit by selling infected or fake devices to unsuspecting victims. Such attacks are completely preventable. Therefore, we strongly advise users to buy hardware wallets only from official and trusted sources to minimize the risk,” comments Stanislav Golovanov, a cyber incident investigation expert.

To stay safe, we recommend the following:

  • Buy from official sources: Buy hardware wallets only from official and trusted sources, such as the manufacturer’s website or authorized resellers.
  • Check for signs of tampering: Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue, or mismatched components.
  • Verify the firmware: Always verify that the firmware on the hardware wallet is legal and up-to-date. This can be done by checking the manufacturer’s website for the latest version.

READ NEXT

Previous Articles:

- Advertisement -

Latest

Pi, IMX, ZBCN in Focus as Key Token Unlocks Threaten More Losses

The crypto market experienced a sharp drop as Bitcoin fell from $111,900 to below $104,000, resulting in widespread altcoin declines.Investors are closely watching key...

Crypto’s “Inverse Cramer”: Trader Gains Millions Opposing James Wynn

A trader known as James Wynn became notable for a $1 billion Bitcoin short position on the Hyperliquid platform.Other crypto traders have started to...

Bitcoin Drops 10% From Highs Amid Quantum Computing Warnings

Bitcoin dropped nearly 10% from its record high, falling close to $103,000 after reaching $112,000 last week. BlackRock warned that advances in quantum computing could...

Czech Justice Minister Resigns Over $45M Bitcoin Donation Scandal

Czech Justice Minister Pavel Blazek resigned after controversy over accepting and selling Bitcoin from a convicted criminal.The Justice Ministry auctioned nearly 500 Bitcoin, raising...

Uniswap (UNI) Rebounds Above $6 After Brief Uptrend Breakdown

Uniswap's UNI token dropped below its key uptrend line following a failed hold above the $6.00 support level.High trading volumes accompanied the decline, including...

Must Read

17 Best Audiobooks On Blockchain Technology For Beginners

If you're looking to dive into the world of blockchain technology, you're in for a treat. The field is rapidly evolving and the potential...