According to Kaspersky, cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming that the devices are impenetrable.
Hardware wallets, also known as cold wallets, store cryptocurrency keys on a device the size of a USB stick. This device needs to be plugged into a computer to send cryptocurrency or interact with decentralized finance protocols. As a result, these devices are generally considered more secure than hot wallets, which are always connected to the internet.
However, a recent investigation by Kaspersky revealed a rare case of crypto-assets being stolen from a hardware wallet. This is an important indication that cybercriminals are developing new tactics to maximize their profits.
The victim in this case had not made any transactions that day and his cold wallet was not connected to his computer. Therefore, he did not immediately notice the theft and the scammers managed to transfer 1.33 BTC worth approximately $29,585 without his knowledge.
Although the examined device looked identical to a genuine one, opening it revealed signs of malicious tampering. In a genuine hardware wallet the components are ultrasonically welded together; in this device the inside was filled with glue and the components were held together with double-sided tape. In addition, the wallet contained a different microcontroller, one with read-protection mechanisms, instead of the original, and the flash memory was completely disabled. This led Kaspersky researchers to conclude that the victim had purchased a hardware wallet that had been tampered with before it was sold.
The attackers make three separate changes to the original firmware of the bootloader and the wallet. They disable the checks of the protective mechanisms, replace the randomly generated seed phrase with one of 20 preset phrases, and use only the first character of any additional passphrase.
This gives the attackers a total of 1280 possible wallet keys to choose from. Thus the attackers can carry out the theft even while the disconnected crypto wallet is sitting in the owner's safe. The wallet appears to work as usual, but the fraudsters have had full control over it from the very beginning.
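The keyspace collapse described above can be reproduced with standard BIP39 seed derivation. This is an added illustration, not code from Kaspersky's report: it models the tampered firmware as an ordinary BIP39 derivation whose passphrase is truncated to its first character, and it takes the 64-character first-character alphabet as an assumption derived from the article's figure of 20 × 64 = 1280.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Genuine BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output,
    salt = "mnemonic" + passphrase, both NFKD-normalised."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def tampered_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Model of the backdoored firmware (assumption): every character of the
    passphrase beyond the first is silently dropped before derivation."""
    return bip39_seed(mnemonic, passphrase[:1])


def effective_keyspace(preset_phrases: int, first_char_alphabet: int) -> int:
    """Number of distinct seeds the tampered device can ever produce."""
    return preset_phrases * first_char_alphabet


def demo() -> dict:
    # Constructed sample input: the public BIP39 test-vector mnemonic, not a real wallet.
    mnemonic = " ".join(["abandon"] * 11 + ["about"])
    long_pass = "correct horse battery staple"
    short_pass = "c"  # same first character as long_pass

    genuine_differ = bip39_seed(mnemonic, long_pass) != bip39_seed(mnemonic, short_pass)
    tampered_collide = tampered_seed(mnemonic, long_pass) == tampered_seed(mnemonic, short_pass)

    return {
        # A genuine device: a different passphrase yields a different seed.
        "genuine_differ": genuine_differ,
        # The tampered device: both passphrases map to the same seed.
        "tampered_collide": tampered_collide,
        # 20 preset phrases x 64 first characters (assumed alphabet) = 1280 keys.
        "tampered_keyspace": effective_keyspace(20, 64),
        # For comparison, a random 12-word mnemonic alone carries 128 bits of entropy.
        "genuine_keyspace": 2 ** 128,
    }


if __name__ == "__main__":
    print(demo())
```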
‘It Is Possible To Completely Prevent Such Attacks’
Stanislav Golovanov, Kaspersky Cyber Incident Investigator, said that hardware wallets have long been considered one of the safest ways to store cryptocurrencies, but cybercriminals have found new ways to seize their assets by selling infected or counterfeit devices to unsuspecting victims.
Golovanov said: ‘It is possible to completely prevent such attacks. We persistently advise users to purchase hardware wallets only from official and trusted sources to minimize the risk.’
Kaspersky experts recommend the following for those who want to keep their crypto assets safe:
‘Buy your wallet from official sources. Take care to buy hardware wallets only from official and trusted sources, such as the manufacturer’s website or authorized resellers.
Check the hardware for signs of tampering. Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue or mismatched components.
Verify the firmware. Always verify that the firmware on the hardware wallet is legitimate and up to date. You can do this by checking the manufacturer’s website for the latest version.
Secure your seed phrase. When setting up your hardware wallet, make sure to write down your seed phrase and store it securely. A reliable security solution like Kaspersky Premium will protect the crypto information stored on your mobile phone or computer.
Use a strong password. If your hardware wallet supports a password, use a strong and unique one. Avoid easily guessable passwords and do not reuse passwords from other accounts.’