Hardware Wallets: Not Invincible Against Cybercriminals

Cybercriminals Exploit Unsuspecting Investors with Infected and Counterfeit Devices, Exposing the Vulnerabilities of 'Secure' Storage

Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming they are inviolable. However, even the most advanced hardware wallets on the market may not be fully shielded and there are still risks associated with using fake or infected devices.

Kaspersky shared the details behind the cryptocurrency theft incident involving a hardware wallet, which resulted in the loss of 1.33 BTC worth $29,585.

Hardware wallets, also known as “cold” wallets, store cryptocurrency keys on a USB stick-sized device, which must be connected to a computer to send cryptocurrency or interact with decentralized funding protocols.

As a result, these devices are generally considered more secure than “hot” wallets, which are connected to the internet at all times.

However, a recent Kaspersky investigation revealed a rare case of asset theft from a hardware wallet, showing how cybercriminals are devising new tactics to maximize their profits.

The victim did not make any transactions that day and the “cold” wallet was not connected to the computer. Thus, the victim did not immediately notice the theft and the scammer transferred 1.33 BTC (worth approximately $29,585) without the victim’s knowledge.

Although the device Kaspersky's investigators studied appeared identical to the original, it showed signs of malicious tampering when they opened it.

Instead of being ultrasonically bonded together like genuine hardware wallets, each half of the device was filled with glue and held together with double-sided tape.

Additionally, unlike the original, the wallet had a different microcontroller, with the flash memory read-protection mechanisms completely disabled.

This led the company’s investigators to conclude that the victim had purchased a hardware wallet that had already been infected.

The attackers made only three changes to the original bootloader firmware and the wallet itself.

They removed the checks on the protection mechanisms, replaced the randomly generated seed phrase with one of 20 predefined phrases, and used only the first character of any additional password.

This gave the attackers a total of 1,280 options to get the key to a fake wallet.

Thus, the attackers were able to carry out the operation while the dormant cryptocurrency wallet lay quietly in the owner’s safe.

The cryptocurrency wallet appeared to be functioning as usual, but from the beginning, the fraudsters were in complete control of it.

“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to profit by selling infected or fake devices to unsuspecting victims. Such attacks are completely preventable. Therefore, we strongly advise users to buy hardware wallets only from official and trusted sources to minimize the risk,” comments Stanislav Golovanov, a cyber incident investigation expert.

To stay safe, we recommend the following:

  • Buy from official sources: Buy hardware wallets only from official and trusted sources, such as the manufacturer’s website or authorized resellers.
  • Check for signs of tampering: Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue, or mismatched components.
  • Verify the firmware: Always verify that the firmware on the hardware wallet is legitimate and up-to-date. This can be done by checking the manufacturer’s website for the latest version.
