
Unidentified criminals spoofed a hardware cryptocurrency wallet and withdrew 1.33 BTC ($29,585 at the time of investigation) from it. Kaspersky Lab experts reported the incident.
The attackers were able to steal the money while the device, disconnected from the Internet, was in the owner’s safe. On the day of the theft, the victim did not perform any operations with it, so he did not immediately notice what had happened.
According to the experts, the victim bought a hardware wallet that was already infected; the factory packaging and holographic stickers looked intact and did not arouse suspicion.
When opening the device, the company’s specialists found signs of malicious interference.
“Instead of ultrasonic welding, the halves of the wallet were filled with glue and fastened with double-sided tape. They replaced the original microcontroller with their own, with modified firmware and bootloader, removing the control of protective mechanisms,” they said.

From the very beginning, the scammers had complete control over the device.
At the initialization stage, or when the wallet was reset, the randomly generated seed phrase was replaced with one of 20 pre-generated phrases stored in the fraudulent firmware.
In addition, if the owner set an additional password to protect the master key, only its first character was used. Thus, to find the key to a particular fake wallet, the attackers had to go through a total of only 1280 options.
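Both behaviours described above can be checked for from the outside. The following is an added example, not code from Kaspersky Lab or any wallet vendor: it assumes a BIP39-style wallet (the article does not name the scheme), and `truncating_seed`, the probe passphrases and the sample mnemonic are constructed for illustration.

```python
import hashlib
from collections import Counter

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", mnemonic.encode(), ("mnemonic" + passphrase).encode(), 2048, 64
    )

def truncating_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Constructed model of the fault in the article: only the first character is used."""
    return bip39_seed(mnemonic, passphrase[:1])

def passphrase_is_honoured(derive, mnemonic: str) -> bool:
    """True if passphrases sharing a first character still yield distinct seeds.

    `derive` stands in for the device under test. On real hardware it would be
    replaced by reading the first receive address shown for each passphrase.
    """
    probes = ["k", "kiwi", "kiwi-2", "k" * 20]  # constructed probe values
    seeds = {derive(mnemonic, p) for p in probes}
    return len(seeds) == len(probes)

def repeated_mnemonics(observed: list[str]) -> list[str]:
    """Seed phrases seen more than once across resets.

    A sound generator never repeats a phrase; a pool of 20 fixed phrases
    starts repeating after only a handful of resets.
    """
    return sorted(m for m, n in Counter(observed).items() if n > 1)

# Constructed sample input (a publicly known test mnemonic, never used for funds).
SAMPLE = ("abandon abandon abandon abandon abandon abandon "
          "abandon abandon abandon abandon abandon about")

if __name__ == "__main__":
    print("honest derivation honours passphrase:",
          passphrase_is_honoured(bip39_seed, SAMPLE))
    print("truncating derivation honours passphrase:",
          passphrase_is_honoured(truncating_seed, SAMPLE))
    print("repeats across resets:",
          repeated_mnemonics(["phrase A", "phrase B", "phrase A"]))
```

Run such checks only with throwaway seed phrases and passphrases, before the device ever holds funds.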
“Although hardware wallets are considered one of the safest ways to store cryptocurrencies, attackers have found a way to hack them by selling infected or fake devices,” Kaspersky Lab experts noted.
Recall that in February, the MetaMask team warned about phishing attacks from fake company addresses.