‘Trusted seller’ sells fake Trezor wallets stealing crypto: Kaspersky

2 years ago

Amid the rising popularity of hardware cryptocurrency wallets, the Russian cybersecurity firm Kaspersky has reminded users about the importance of using authentic crypto devices.

Kaspersky’s cyber incident expert Stanislav Golovanov on May 10 reported on an issue with fake hardware wallets impersonating major wallet firm Trezor.

According to the blog post, the fake wallet allowed fraudsters to steal Bitcoin (BTC) via a replaced microcontroller, which enabled attackers to take over control of the user's private keys.

The victim reportedly purchased a tampered hardware wallet that posed as Trezor’s advanced crypto wallet Trezor Model T. The fake wallet appeared to be exactly the same as a genuine Trezor Model T wallet, providing a standard set of wallet functions.

“When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one,” Golovanov wrote.

The fake wallet was tampered with from the inside, though. According to the Kaspersky team, attackers managed to access users' crypto assets by replacing the internal firmware. “The actual mechanism of the theft remains unclear,” Golovanov noted, adding that the issue was caused by a “typical supply chain attack.”

Genuine Trezor Model T (on the left) wallet versus a fake one (on the right). Source: Kaspersky

To prevent supply chain attacks, Kaspersky’s cybersecurity experts advised users to only buy hardware wallets directly from the official vendor. The firm noted that the victim bought the fake Trezor wallet through a “trusted seller through a popular classifieds website.”

Kaspersky didn’t immediately respond to Cointelegraph’s request to comment on exactly which reseller was involved in the incident.

The issue described by Kaspersky isn’t something new for the crypto community. In 2022, Trezor publicly addressed security incidents involving tampered Trezor Model T devices.

According to Trezor's blog post, the described issue was mostly present on Trezor Model T wallets, with all devices being obtained from vendors on the Russian market. The firm wrote:

“Some internal components had been replaced, allowing the malicious actors to spoof the device’s behaviour and make its security features redundant.”

According to Trezor’s official website, the firm currently has about 50 officially authorized resellers across the world. The sellers are located in many jurisdictions, including countries like Canada, the United States, Singapore, India, Israel, Belarus, Ukraine and others. There are currently no authorized Trezor wallet resellers in Russia, according to the website.

In addition to security measures related to supply chain, Trezor also advises its users to follow steps to authenticate their Trezor wallets, providing official guides for Model One and Model T.

Trezor’s software also signals any potential firmware issues by showing an alert about the issue on the app screen.

Warning on unofficial firmware on Trezor Suite. Source: Trezor

“We would like to point out that we have a warning system in the Trezor Suite that alerts users if their device uses an unofficial,” a spokesperson for Trezor told Cointelegraph.
