Kaspersky Uncovers Tampered Trezor Wallets
Amid the rising popularity of hardware cryptocurrency wallets, the Russian cybersecurity firm Kaspersky has reminded users about the importance of using authentic crypto devices. Kaspersky cyber incident expert Stanislav Golovanov recently reported an issue involving fake hardware wallets impersonating the major wallet firm Trezor.
The Deception Unveiled
According to Golovanov’s blog post, the fraudulent wallet allowed perpetrators to steal Bitcoin via a replaced microcontroller, which enabled attackers to take over control of the user’s private keys. The unsuspecting victim had purchased a tampered hardware wallet that posed as Trezor’s advanced crypto wallet Trezor Model T. The fraudulent wallet was an exact replica of a genuine Trezor Model T wallet, providing a standard set of wallet functions.
Inside the Tampered Wallet
Attackers managed to access users’ crypto assets by replacing the inner firmware. “The actual mechanism of the theft remains unclear,” Golovanov noted, adding that the issue was a result of a “typical supply chain attack.”
To prevent such attacks, Kaspersky’s cybersecurity experts advise users to only purchase hardware wallets directly from the official vendor. The firm noted that the victim had purchased the fake Trezor wallet through a “trusted seller on a popular classifieds website.”
Trezor’s Response to the Incident
The issue highlighted by Kaspersky isn’t new for the crypto community. In 2022, Trezor publicly addressed security incidents involving tampered Trezor Model T devices. Most of these tampered devices were obtained from vendors on the Russian market.
Trezor also advises its users to follow steps to authenticate their wallets, providing official guides for Model One and Model T. The software signals any potential firmware issues by alerting users on the app screen.
“We have a warning system in the Trezor Suite that alerts users if their device uses an unofficial,” a spokesperson for Trezor said.
The recent incident serves as a stern reminder for cryptocurrency users to prioritize security by ensuring they purchase their hardware wallets from official vendors and verify the authenticity of their devices.
