In a world where hardware cryptocurrency wallets are gaining popularity, cybersecurity firm Kaspersky stresses the importance of utilizing authentic crypto devices. According to a recent blog post by Kaspersky’s cyber incident expert Stanislav Golovanov, fake hardware wallets posing as major wallet firm Trezor have been spotted.
These counterfeit wallets permit fraudsters to steal Bitcoin (BTC) by replacing the microcontroller, enabling them to seize control of the user’s private keys. One user reportedly bought a tampered hardware wallet that posed as Trezor’s advanced crypto wallet, Trezor Model T. Surprisingly, the fake wallet showed no external differences from the genuine Trezor Model T wallet and carried out all standard functions.
However, the deception lay within the wallet. According to Kaspersky’s team, attackers managed to access users’ crypto assets by replacing the inner firmware. While the actual mechanism of the theft remains unclear, Golovanov attributed the issue to a “typical supply chain attack.”
To safeguard against supply chain attacks, Kaspersky’s cybersecurity experts recommend purchasing hardware wallets directly from the official vendor. In this particular case, the victim bought the counterfeit Trezor wallet from a “trusted seller through a popular classifieds website.”
Instances of tampered Trezor Model T devices are not an entirely new phenomenon in the crypto community. In 2022, Trezor publicly addressed security incidents involving such wallets. The majority of the affected devices were obtained from vendors in the Russian market, and some internal components had been replaced, allowing malicious actors to spoof the device’s behavior and render its security features ineffective.
Trezor currently boasts about 50 officially authorized resellers worldwide, spanning jurisdictions like Canada, the United States, Singapore, India, Israel, Belarus, and Ukraine. However, the company’s website lists no authorized resellers in Russia.
In addition to supply chain security measures, Trezor encourages users to follow steps to authenticate their wallets using official guides for Model One and Model T. The Trezor Suite software also alerts users of potential firmware issues via in-app notifications.
A spokesperson for Trezor stated, “We would like to point out that we have a warning system in the Trezor Suite that alerts users if their device uses an unofficial firmware.” As the popularity of hardware crypto wallets continues to soar, it becomes increasingly essential for users to remain vigilant and opt for verified devices to mitigate the risk of counterfeit wallets and potential financial loss.
Source: Cointelegraph