A recent incident involving a modified hardware wallet has raised concerns in the cryptocurrency community. Security experts at Kaspersky have revealed that nearly $30,000 worth of cryptocurrency was stolen due to new tactics employed by cybercriminals.
The victim, who lost 1.33 BTC ($29,585), did not make any transactions on the day of the theft, and their cold wallet was not connected to a computer. As a result, the theft was not noticed right away.
According to Stanislav Golovanov, a cyber incidents investigation expert at Kaspersky, hardware wallets have long been considered a secure way to store cryptocurrency. However, cybercriminals have found ways to profit by selling infected or fake devices to unsuspecting victims.
The investigation by Kaspersky revealed that the hardware wallet purchased by the victim had been tampered with. While it appeared identical to the original, it was poorly assembled with glue and tape instead of proper welding. The attackers made three key modifications to the firmware of the bootloader and wallet: disabling protective mechanisms, replacing the random seed phrase with a preset one, and using only the first character of any additional password.
This left the attackers with 1280 options to try to access the fake wallet’s key, giving them complete control over the disabled crypto wallet without detection. The microcontroller in the device had different read protection mechanisms, and the flash memory was disabled, indicating that the victim unknowingly purchased an infected hardware wallet.
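The password truncation described above can be checked for from the owner's side. The following is an added example, not code from Kaspersky or any wallet vendor: it assumes the wallet derives its seed the BIP-39 way (the article does not say so), and `tampered_seed` and `honours_full_passphrase` are hypothetical names that model the modified firmware and the check.

```python
import hashlib
import math
import unicodedata

# Public BIP-39 test-vector mnemonic, used here as sample input only.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), b"mnemonic" + _nfkd(passphrase), 2048, 64
    )


def tampered_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Model (assumption) of the modified firmware: only the first
    character of the additional password reaches the derivation."""
    return bip39_seed(mnemonic, passphrase[:1])


def honours_full_passphrase(derive, mnemonic: str) -> bool:
    """Probe a derivation with passwords that share a first character.
    An honest implementation yields three distinct seeds; one that
    truncates the password collapses them into a single seed."""
    probes = ["K", "Kq7-constructed-probe-one", "Kq7-constructed-probe-two"]
    return len({derive(mnemonic, p) for p in probes}) == len(probes)


def keyspace_bits(options: int) -> float:
    """Search space expressed in bits."""
    return math.log2(options)


if __name__ == "__main__":
    print("honest  :", honours_full_passphrase(bip39_seed, TEST_MNEMONIC))
    print("tampered:", honours_full_passphrase(tampered_seed, TEST_MNEMONIC))
    # 1280 is the figure reported in the article.
    print("bits for 1280 options: %.2f" % keyspace_bits(1280))
```

On a physical device the same comparison is made on the receiving addresses shown under each password rather than on raw seeds.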
To safeguard crypto assets, Kaspersky experts recommend purchasing hardware wallets only from authorized sources, checking for signs of tampering, verifying firmware authenticity, and securing seed phrases with strong passwords.
This incident follows a recent case where a US man was charged with fraudulently obtaining $110 million of cryptocurrency from exchange Mango Markets and its customers. It serves as a reminder for cryptocurrency users to remain vigilant and take necessary precautions to protect their digital assets.