Attackers have stolen $30,000 in Bitcoin through a fake hardware wallet.
Unknown criminals forged a hardware cryptocurrency wallet and withdrew 1.33 BTC (about $29,585).
According to experts, the victim bought an already-infected hardware wallet, and the factory packaging and holographic stickers looked untouched and did not seem suspicious.
When opening the device, Kaspersky Lab specialists found signs of malicious interference.
âThe housing was difficult to open: its two halves were held together with liberal quantities of glue and double-sided adhesive tape instead of the ultrasonic bonding used on factory-made Trezors. Even more curiously, inside there was an entirely different microcontroller showing traces of soldering,â they said.
At the initialization stage or when the wallet was reset, the randomly generated LED phrase was replaced with one that was pre-created and stored in the fraudulent firmware.
In addition, if the owner set an additional password to protect the master key, only its first character was used. Thus, in order to find the key to the fake wallet, the attackers had to sort through only 1,280 options.
Weâve told you before that hardware wallets are the safest way to store crypts.
However, attackers have found an original (letâs be honest) way to crack the âcoldâ protection: to sell infected or fake devices. If you opt to buy a cold-storage hardware wallet, remember to buy directly from the company.
