Study Shows Some $30,000 Stolen via Fake Hardware Wallet

Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming that they are impenetrable. However, even the most advanced hardware wallets on the market may not be foolproof, and there are still risks associated with using fake or infected devices.

Kaspersky has shared the details of a cryptocurrency theft involving a hardware wallet, which resulted in the loss of 1.33 BTC worth $29,585.

Hardware wallets, also known as ‘cold’ wallets, store cryptocurrency keys on a device the size of a USB stick, which must be plugged into a computer to send crypto or interact with decentralised finance protocols. As a result, these devices are generally considered safer than ‘hot’ wallets that are connected to the Internet at all times.

However, a recent investigation by Kaspersky revealed a rare case of theft of assets from a hardware wallet, demonstrating how cybercriminals are coming up with new tactics to maximise their profits.

The victim did not make any transactions that day, and the cold wallet was not connected to the computer. Thus, the victim did not immediately notice the theft, and the fraudster transferred 1.33 BTC (worth around $29,585) without the victim’s knowledge.

Although the copy we studied appeared identical to the original, the device showed signs of malicious tampering once it was opened. Rather than being welded together ultrasonically like genuine hardware wallets, each half of the device was filled with glue and held together with double-sided tape.

Additionally, instead of the original microcontroller, the wallet had a different one, with read protection mechanisms and the flash memory completely disabled. This led the company’s researchers to conclude that the victim had purchased a hardware wallet that had already been infected.

The attackers made only three changes to the original firmware of the bootloader and the wallet itself. They removed the checks on protective mechanisms, replaced the randomly generated seed phrase with one of the 20 preset phrases, and used only the first character of any additional password. This left the attackers with a total of 1280 possible keys to try per wallet.

Thus, the attackers were able to carry out the operation while the disconnected crypto wallet was lying in the owner’s safe. The crypto wallet seemed to work as usual, but from the very beginning, the scammers had complete control over it.
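Two of the firmware changes described above leave traces an owner can test for. The following is an added example, not code from Kaspersky or any wallet vendor. It assumes the wallet uses standard BIP-39 seed derivation, that the additional password is the BIP-39 passphrase, and that preset phrases are picked uniformly; `tampered_seed` and the other function names are hypothetical models of the behaviour the article describes.

```python
import hashlib
import unicodedata

# Public BIP-39 test mnemonic, used here only as constructed sample input.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP-39: PBKDF2-HMAC-SHA512, salt 'mnemonic'+passphrase, 2048 rounds."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048)

def tampered_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Assumed model of the modified firmware: only the first character is used."""
    return bip39_seed(mnemonic, passphrase[:1])

def ignores_passphrase_tail(derive, mnemonic: str) -> bool:
    """True if two passphrases sharing a first character give the same wallet."""
    return derive(mnemonic, "Kestrel-one") == derive(mnemonic, "K-something-else")

def repeat_probability(pool: int, resets: int) -> float:
    """Chance that `resets` generated seed phrases contain a duplicate, assuming
    each is drawn uniformly from `pool` possibilities (birthday bound)."""
    p_unique = 1.0
    for i in range(resets):
        p_unique *= max(pool - i, 0) / pool
    return 1.0 - p_unique

if __name__ == "__main__":
    print("standard derivation ignores tail:",
          ignores_passphrase_tail(bip39_seed, SAMPLE_MNEMONIC))
    print("tampered model ignores tail:     ",
          ignores_passphrase_tail(tampered_seed, SAMPLE_MNEMONIC))
    print("repeat within 6 resets, 20 preset phrases:",
          round(repeat_probability(20, 6), 3))
    print("repeat within 6 resets, 2**128 seeds:     ",
          repeat_probability(2**128, 6))
```

On a real device the comparison is made on the first receive address shown for each passphrase, using a freshly reset wallet that holds no funds.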

“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to benefit by selling infected or fake devices to unsuspecting victims.

“Such attacks are totally preventable. Hence, we strongly advise users to only purchase hardware wallets from official and trusted sources to minimise the risk,” comments Stanislav Golovanov, Cyber Incidents Investigation Expert at Kaspersky.
