A modified hardware wallet has been implicated in the theft of nearly $30,000 worth of cryptocurrency, according to security experts at Kaspersky.
The loss of 1.33 BTC ($29,585) was connected to new tactics, the company explained in a report shared with Infosecurity.
“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to benefit by selling infected or fake devices to unsuspecting victims,” commented Stanislav Golovanov, cyber incidents investigation expert.
The victim, in this case, did not make any transactions on the day their money was stolen and the cold wallet was not connected to a computer. Therefore, they only realized the theft later.
Read more on crypto-theft here: “Kekw” Malware in Python Packages Could Steal Data and Hijack Crypto
The Kaspersky investigation discovered that the hardware wallet the victim purchased had been tampered with. Although it looked the same as the original, it was not adequately welded together and instead held together with glue and tape.
The security experts explained that the attackers made three modifications to the original firmware of the bootloader and wallet: they disabled the protective mechanisms; replaced the random seed phrase with one of 20 pre-set phrases; and only used the first character of any additional password.
This reportedly gave the attackers 1280 options to access the fake wallet’s key. As a result, the attackers could operate the disabled crypto wallet without being detected, as it appeared to function normally. However, the attackers had complete control over it from the start.
Further, the microcontroller within the device was different and had read protection mechanisms, and the flash memory was completely disabled. This led Kaspersky researchers to conclude that the victim had unknowingly purchased an already infected hardware wallet.
To keep crypto assets safe, Kaspersky experts advised buying hardware wallets only from authorized sources, inspecting for signs of tampering, verifying the firmware and securing seed phrases with a strong password.
The discovery comes a few months after a US man was charged with fraudulently obtaining $110m of cryptocurrency from exchange Mango Markets and its customers.