Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming that they are impenetrable. However, even the most advanced hardware wallets on the market may not be foolproof, and there are still risks associated with using fake or infected devices. Kaspersky shared the details behind the incident of cryptocurrency theft involving a hardware wallet, which resulted in the loss of 1.33 BTC worth $29,585.
Hardware wallets, also known as 'cold' wallets, store cryptocurrency keys on a device the size of a USB stick, which must be plugged into a computer to send crypto or interact with decentralized finance protocols. As a result, these devices are generally considered safer than 'hot' wallets that are connected to the internet at all times.
However, a recent investigation by Kaspersky revealed a rare case of theft of assets from a hardware wallet, demonstrating how cybercriminals are coming up with new tactics to maximize their profits. The victim did not make any transactions that day, and the cold wallet was not connected to the computer. The victim did not immediately notice the theft, and the fraudster transferred 1.33 BTC (worth around $29,585) without the victim's knowledge.
Although the copy we studied appeared identical to the original, the device showed signs of malicious tampering upon opening it. Rather than being welded together ultrasonically like hardware wallets, each half of the genuine device was filled with glue and held together with double-sided tape. Additionally, the wallet had a different microcontroller with read protection mechanisms and the flash memory completely disabled, instead of the original one. This led company's researchers to conclude that the victim had purchased a hardware wallet that had already been infected.
The attackers made only three changes to the original firmware of the bootloader and the wallet itself. They removed the control of protective mechanisms, replaced the randomly generated seed phrase with one of 20 preset phrases, and used only the first character of any additional password. This gave the attackers a total of 1280 options to pick up the key to one fake wallet.
Thus, the attackers were able to carry out the operation while the disabled crypto wallet was quietly lying in the owner's safe. The crypto wallet seemed to work as usual, but from the very beginning, the scammers had complete control over it.
'Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to benefit by selling infected or fake devices to unsuspecting victims. Such attacks are totally preventable. Hence, we strongly advise users to only purchase hardware wallets from official and trusted sources to minimize the risk," comments Stanislav Golovanov, Cyber Incidents Investigation Expert.
To keep crypto assets safe, Kaspersky experts also recommend:
- Purchase from official sources: Only buy hardware wallets from official and trusted sources, such as the manufacturer's website or authorized resellers.
- Check for signs of tampering: Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue, or mismatched components.
- Verify the firmware: Always verify that the firmware on the hardware wallet is legitimate and up-to-date. This can be done by checking the manufacturer's website for the latest version.
- Secure your seed phrase: When setting up your hardware wallet, make sure to write down and securely store your seed phrase. A reliable security solution, such as Kaspersky Premium , will protect your crypto details stored on your mobile or PC.
- Use a strong password: If your hardware wallet allows for a password, use a strong and unique one. Avoid using easily guessable passwords or reusing passwords from other accounts.