Kaspersky Finds Crypto Asset Theft Through Fake Hardware Wallets
JAKARTA - It is not uncommon for crypto asset investors to switch to a hardware wallet, or cold wallet, a device the size of a USB stick, to store their crypto asset keys, because such wallets are considered safer than those that are always connected to the internet.
However, Kaspersky's latest investigation revealed a case of asset theft in which cybercriminals used advanced tactics to maximize their profits, stealing 1.33 BTC (equivalent to $29,585) without the victim's knowledge, even though the hardware wallet was not connected to a computer.
"Hardware wallets have long been considered as one of the safest ways to store cryptocurrency assets, but cybercriminals have found new ways to profit by selling fake or infected devices to unwary victims," said Stanislav Golovanov, a cyber incident investigation expert, in a statement received in Jakarta.
According to Kaspersky, the fake device showed signs of tampering when it was opened. Instead of being ultrasonically welded together like the original hardware wallet, the parts of the device were filled with glue and held together with double-sided tape.
In addition, the wallet has a different microcontroller from the original, with the flash memory read protection mechanism fully disabled. Thus, the researchers concluded that the victim had purchased an infected hardware wallet.
The attackers made only three changes to the original firmware of the bootloader and of the wallet itself. They removed the checks for the protection mechanisms, replaced the randomly generated seed phrase with one of 20 pre-generated phrases, and used only the first character of any additional password. This leaves the attacker with a total of only 1,280 options to try in order to obtain the key to one fake wallet.
Thus, attackers can secretly carry out operations while the offline crypto wallet lies in the owner's safe. The crypto wallet may seem to work as usual, but from the start, the scammers have complete control over the device.
"Such attacks can really be prevented. Therefore, we strongly advise users to simply buy hardware wallets from authorized and trusted sources to minimize risk," added Golovanov.