Hardware Wallets: Not Invincible Against Cybercriminals

Cybercriminals Exploit Unsuspecting Investors with Infected and Counterfeit Devices, Exposing the Vulnerabilities of 'Secure' Storage

- Advertisement -

Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming they are inviolable. However, even the most advanced hardware wallets on the market may not be fully shielded and there are still risks associated with using fake or infected devices.

Kaspersky shared the details behind the cryptocurrency theft incident involving a hardware wallet, which resulted in the loss of 1.33 BTC worth $29,585.

Hardware wallets, also known as “cold” wallets, store cryptocurrency keys on a USB stick-sized device, which must be connected to a computer to send cryptocurrency or interact with decentralized funding protocols.

These devices are generally considered more secure than “hot” wallets that are connected to the internet at all times as a result.

However, a recent Kaspersky investigation revealed a rare case of asset theft from a hardware wallet, showing how cybercriminals are devising new tactics to maximize their profits.

The victim did not make any transactions that day and the “cold” wallet was not connected to the computer. Thus, the victim did not immediately notice the theft and the scammer transferred 1.33 BTC (worth approximately $29,585) without the victim’s knowledge.

Although the copy they studied appeared identical to the original, the device showed signs of malicious tampering when they opened it.

Instead of being ultrasonically bonded together like genuine hardware wallets, each half of the device was filled with glue and held together with double-sided tape.

Additionally, the wallet had a different microcontroller with read protection mechanisms and the flash memory completely disabled, unlike the original.

This led the company’s investigators to conclude that the victim had purchased a hardware wallet that had already been infected.

The attackers made only three changes to the original bootloader firmware and the wallet itself.

They removed control of the protection mechanisms, replaced the randomly generated phrase with one of 20 predefined phrases, and used only the first character of any additional password.

This gave the attackers a total of 1,280 options to get the key to a fake wallet.

Thus, the attackers were able to carry out the operation while the dormant cryptocurrency wallet lay quietly in the owner’s safe.

The cryptocurrency wallet appeared to be functioning as usual, but from the beginning, the fraudsters were in complete control of it.

“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to profit by selling infected or fake devices to unsuspecting victims. Such attacks are completely preventable. Therefore, we strongly advise users to buy hardware wallets only from official and trusted sources to minimize the risk,” comments Stanislav Golovanov, a cyber incident investigation expert.

To stay safe, we recommend the following:

  • Buy from official sources: Buy hardware wallets only from official and trusted sources, such as the manufacturer’s website or authorized resellers.
  • Check for signs of tampering: Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue, or mismatched components.
  • Verify the firmware: Always verify that the firmware on the hardware wallet is legal and up-to-date. This can be done by checking the manufacturer’s website for the latest version.


- Advertisement -
- Advertisement -
- Advertisement -


- Advertisement -

Must Read

Read Next
Recommended to you