Bitcoin News and Finance Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private Key Skip to main content

Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private Key

Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private Key

Kaspersky, the multinational cybersecurity and anti-virus provider, made a startling revelation on May 10th. According to their report, a victim of a crypto hack had unwittingly purchased a counterfeit Trezor Model T from a “trusted seller through a popular classifieds website.” The researchers at Kaspersky were able to extract the custom firmware that the hackers had installed on the device. This revealed that the private key was already known to the hackers before the victim had even purchased the machine.

Cybersecurity Firm Kaspersky Investigates Phony Trezor Hardware Wallet

It seems crypto enthusiasts need to be extra cautious about counterfeit Trezor hardware wallets circulating in the market, designed with the malicious intent of pilfering cryptocurrency holdings. This unsettling revelation underscores the imperative for heightened prudence and attentiveness when acquiring hardware devices related to digital currencies.

Kaspersky, the Russia-based cybersecurity firm, exposed this disconcerting development on May 10, 2023, subsequent to an examination of a forged Trezor Model T that had successfully stolen a victim’s virtual funds. The unsuspecting victim acquired the counterfeit Trezor from a “reliable vendor on a well-known online marketplace.”

Furthermore, the device’s packaging was meticulously sealed and utilized Trezor’s tamper-resistant holographic labels typically affixed to their products. “At first cursory glance, the wallet we examined appeared to be exactly the same as a genuine one, and showed no signs of tampering,” stated the researchers at Kaspersky. Yet, on a fateful occasion, “a large sum of money was transferred to someone else” a few weeks after the victim loaded the wallet with their cryptocurrency assets.

In an intriguing twist, Kaspersky also revealed that the fraudulent hardware wallet executed unauthorized transactions without even being connected to a computer. “When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one. However, mindful of the theft that had occurred via it, we delved deeper,” explained Kaspersky.

A notable cause for concern arose when the counterfeit Trezor was found to possess bootloader version 2.0.4., a bootloader release that was deliberately omitted due to previous instances involving counterfeit devices. Gaining access to the internal components proved challenging due to copious amounts of adhesive and tape, a stark departure from Trezor’s meticulous ultrasonic bonding technique.

Moreover, distinct traces of soldering were evident, alongside the presence of an “entirely different microcontroller.” Kaspersky unveiled that their experts successfully extracted the counterfeit wallet’s firmware and, through painstaking code reconstruction, made a startling revelation: “attackers indeed knew the private key in advance.” Armed with this information, the attackers could commandeer the funds through an alternate wallet employing the same private key, thereby pilfering the valuable assets.

“The fake crypto wallet would operate as normal, but the attackers had full control over it from the very beginning,” Kaspersky detailed. “According to the transaction history, they were in no hurry, waiting a whole month after the wallet was credited for the first time before they grabbed the money. The owner had no protection whatsoever: the game was lost from the very moment the money first arrived in the Trojan wallet.”

The recent revelation serves as a stark reminder that individuals invested in cryptocurrencies must exercise heightened vigilance to safeguard their valuable digital assets. Over the years, attackers have honed their techniques for pilfering crypto holdings, presenting an ever-present threat.

While hardware wallets have long been regarded as a trusted solution, users must now grapple with the risks entangled within the intricate web of supply chains and so-called reputable vendors. Kaspersky’s groundbreaking discovery underscores the pressing need for individuals to exercise utmost diligence when entrusting significant sums of funds to a hardware device.

What steps do you think crypto enthusiasts should take to protect their digital assets from the growing threat of counterfeit hardware wallets? Share your insights and strategies in the comments section below.

Comments

Popular posts from this blog

Custodial Lightning Network Service Attack Discovered by LN ‘Newbie’ — Hacker Strikes 6 LN Custodians

On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account dubbed “Reckless Satoshi” wanted to figure out if a “discrepancy between real routing fees and service’s transaction fee can be exploited for a profit.” The researcher disclosed that he wanted to see how large the damage could be and said “it is bad.” 6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure A Redditor called Reckless Satoshi published a disclosure post on r/bitcoin this past Saturday and disclosed how he had found a vulnerability with routing fees and some of the Lightning Network’s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. Reckless Satoshi used the Lightning Network (LN) attack on six different services incl...

Axie Infinity Down 40% Since Last Week’s Price High, Protocol Revenue Outshines Competitors

Last week, the game token leveraged within the Axie Infinity gaming universe skyrocketed to all-time highs, while other crypto markets remained extremely lackluster. During the last seven days, Axie Infinity’s platform token has dropped significantly in value shedding more than 12%. Meanwhile, the game platform’s smooth love potion token has slid over 8% over the last 24 hours. Axie Infinity Down More Than 40% Since All-Time High Not too long ago, the axie infinity (AXS) token was a topical conversation because it reached an all-time high on July 15. At the time, AXS managed to capture $28.93 per unit and since then it has shed 12.8% during the last seven days. The axie infinity (AXS) token is used within the blockchain-based game that involves battles between token-based creatures called “Axies.” AXS is used for the game’s governance system as well as other actions within the game. At the time of writing axie infinity (AXS) is exchanging hands for $16.70 per coin. AXS/USD on Ju...

Play-to-Earn Game From Polker (PKR) Exchange Listing – Endorsed by Akon

The Play-to-Earn NFT based Polker.Game ‘s native token $PKR has been officially listed on the popular centralized exchange BitMart. Polker.game has been in the spotlight recently as Akon, the American R&B superstar and record producer gave his official endorsement of polker stating that the “game is revolutionary” and that Polker is “hands down.. the best play to earn, NFT game in the space.”. With the BitMart listing and celebrity endorsement from Akon, Polker is perfectly positioned to become a major player in the Play-to-Earn league. Watch Akon’s Video Here What is Play-to-Earn? Although not a new concept, play-to-earn has become a trending term due to the popularity of the NFT game AXIE infinity. In the past, previous play-to-earn games have also achieved success – however, thanks to the huge amount of development in the blockchain space in recent years the gaming experience is now massively improved. Play-to-Earn games are essentially free to play and open to anyone and...

China to Crack Down on Copyright Infringement Through NFTs

Authorities in China are going after creators of digital collectibles based on other people’s works of art, the use of which was not authorized. The government offensive is part of a campaign to combat online copyright infringement and piracy with the participation of several departments. Regulators in China Move to Strengthen Copyright Supervision of Online Platforms The National Copyright Administration of China (NCAC) has recently launched a campaign against copyright infringement and piracy on the internet, together with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Internet Information Office of the People’s Republic. A major objective of the initiative is to improve copyright supervision of online businesses by investigating cases involving the sale and distribution of infringing products on short video, live broadcast and e-commerce platforms, and promptly dealing with infringing content, the agency announced in a press r...
Blogarama - Blog Directory