A hardware wallet is a physical device designed for storing cryptocurrencies and is considered an important means of secure custody of crypto assets. Its built-in security chip stores private keys offline, ensuring that users have full control over their cryptocurrencies. Hardware wallets are usually operated offline, which further reduces the risk of being attacked by Internet hackers.
However, because many users do not fully understand how these devices work, a large number of fraud cases still target novice users, resulting in the loss of assets stored in their hardware wallets.
The core of this type of theft is to take advantage of ordinary investors' lack of understanding of how to use hardware wallets, substituting forged instructions that mislead victims into transferring money to phishing addresses. In a typical case, the victim purchases a hardware wallet from a third-party e-commerce platform, opens the package, and unlocks the hardware wallet with the "initial PIN code" marked in the "instruction manual". After backing up the "mnemonic words" printed in the "instruction manual", the victim deposits a large amount of assets into the wallet address, and those assets are eventually stolen.
The reason is not that the wallet has been cracked at the hardware level. The thieves pre-activate the device to obtain the mnemonic for its address, forge an instruction manual, repackage the device, and then sell the activated hardware wallet to the victim through unofficial channels. Once the victim transfers crypto assets to the address, the standard fake-wallet theft process follows.
The well-known hardware wallet manufacturer imKey once issued a warning that some unofficial stores were tampering with the instruction manual while selling "activated" hardware wallets, tricking users into depositing assets into a wallet address created in advance by the malicious merchants. Identifying official e-commerce stores is therefore as important as identifying official websites.
Hardware wallet device modified
A Ledger user received a package without having placed an order. It contained a brand new Ledger X hardware wallet and an attached letter. The letter stated that user data had been leaked in a cyber attack on Ledger, that new hardware wallet devices were being sent to affected customers, and that users should replace their devices for safety.
However, the authenticity of the letter is questionable, and Ledger CEO Pascal Gauthier has made it clear that the company will not make any compensation for the accidental disclosure of personal data. The user also said that this was a scam. He shared more pictures and opened the device to show the inside of the hardware wallet's plastic case, which clearly showed signs of tampering.
Supply chain attacks on hardware wallets have become very widespread, and both ordinary users and hardware wallet manufacturers should be vigilant. Using the device correctly will effectively avoid the risk of theft:
1. Purchase hardware devices from official channels. Any hardware device purchased from unofficial channels is not safe.
2. Make sure the wallet is in an unactivated state. Officially sold hardware devices must be in an unactivated state. If investors find that the device has already been activated when they turn it on, or that the manual supplies an "initial password" or "default address", they should deactivate the device promptly and report it to the hardware wallet's official vendor.
3. Ensure that the address is generated by the user. In addition to the device activation process, setting the PIN code, generating the binding code, creating the address and backing it up also need to be completed by the user. Any operation by a third party puts the user's assets at risk. Under normal circumstances, the hardware wallet device should be in an unactivated state; that is, when using the hardware wallet for the first time, the user should activate the device, create a wallet, back up the mnemonic and set the PIN code.