
‘Trusted seller’ vends fake Trezor wallets stealing crypto: Kaspersky

Amid the rising popularity of hardware cryptocurrency wallets, the Russian cybersecurity firm Kaspersky has reminded users about the importance of using authentic crypto devices.

Kaspersky’s cyber incident expert Stanislav Golovanov on May 10 reported on an issue with fake hardware wallets impersonating major wallet firm Trezor.

According to the blog post, the fake wallet allowed fraudsters to steal Bitcoin (BTC) via a replaced microcontroller, which enabled attackers to take control of the user’s private keys.

The victim reportedly purchased a tampered hardware wallet that posed as Trezor’s advanced crypto wallet Trezor Model T. The fake wallet appeared to be exactly the same as a genuine Trezor Model T wallet, providing a standard set of wallet functions.

“When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one,” Golovanov wrote.

The fake wallet had been tampered with from the inside, though. According to the Kaspersky team, attackers managed to access users’ crypto assets by replacing the inner firmware. “The actual mechanism of the theft remains unclear,” Golovanov noted, adding that the issue was caused by a “typical supply chain attack.”

Genuine Trezor Model T (on the left) wallet versus a fake one (on the right). Source: Kaspersky

To prevent supply chain attacks, Kaspersky’s cybersecurity experts advised users to only buy hardware wallets directly from the official vendor. The firm noted that the victim bought the fake Trezor wallet through a “trusted seller through a popular classifieds website.”

Kaspersky didn’t immediately respond to Cointelegraph’s request to comment on exactly which reseller was involved in the incident.

The issue described by Kaspersky isn’t something new for the crypto community. In 2022, Trezor publicly addressed security incidents involving tampered Trezor Model T devices.

According to Trezor’s blog post, the described issue was mostly present on Trezor Model T wallets, with all devices being obtained from vendors on the Russian market. The firm wrote:

“Some internal components had been replaced, allowing the malicious actors to spoof the device’s behavior and make its security features redundant.”

According to Trezor’s official website, the firm currently has about 50 officially authorized resellers across the world. The sellers are located in many jurisdictions, including countries like Canada, the United States, Singapore, India, Israel, Belarus, Ukraine and others. There are currently no authorized Trezor wallet resellers in Russia, according to the website.


In addition to security measures related to the supply chain, Trezor also advises its users to follow steps to authenticate their Trezor wallets, providing official guides for Model One and Model T.

Trezor’s software also signals potential firmware issues by displaying an alert on the app screen.

Warning on unofficial firmware on Trezor Suite. Source: Trezor

“We would like to point out that we have a warning system in the Trezor Suite that alerts users if their device uses an unofficial,” a spokesperson for Trezor told Cointelegraph.
