{"id":18676,"date":"2023-05-16T16:00:56","date_gmt":"2023-05-16T16:00:56","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/trusted-seller-vends-fake-trezor-wallets-stealing-crypto-kaspersky\/"},"modified":"2023-05-16T16:00:59","modified_gmt":"2023-05-16T16:00:59","slug":"trusted-seller-vends-fake-trezor-wallets-stealing-crypto-kaspersky","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/trusted-seller-vends-fake-trezor-wallets-stealing-crypto-kaspersky\/","title":{"rendered":"\u2018Trusted seller\u2019 vends fake Trezor wallets stealing crypto: Kaspersky"},"content":{"rendered":"
\n

Amid the rising popularity of hardware cryptocurrency wallets, the Russian cybersecurity firm Kaspersky has reminded users about the importance of using authentic crypto devices.<\/p>\n

Kaspersky\u2019s cyber incident expert Stanislav Golovanov on May 10 reported on an issue with fake hardware wallets impersonating major wallet firm Trezor.<\/p>\n

According to the blog post, the fake wallet allowed fraudsters to steal Bitcoin (BTC) via a replaced microcontroller, which enabled attackers to take over control of the user’s private keys.<\/p>\n

The victim reportedly purchased a tampered hardware wallet that posed as Trezor\u2019s advanced crypto wallet Trezor Model T. The fake wallet appeared to be exactly the same as a genuine Trezor Model T wallet, providing a standard set of wallet functions.<\/p>\n

\u201cWhen handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one,\u201d Golovanov wrote.<\/p>\n

The fake wallet was tampered from the inside, though. According to the Kaspersky team, attackers managed to access users’ crypto assets by replacing the inner firmware. \u201cThe actual mechanism of the theft remains unclear,\u201d Golovanov noted, adding that the issue was caused by a \u201ctypical supply chain attack.\u201d<\/p>\n

Genuine Trezor Model T (on the left) wallet versus a fake one (on the right). Source: Kaspersky<\/em><\/figcaption><\/figure>\n

To prevent supply chain attacks, Kaspersky\u2019s cybersecurity experts advised users to only buy hardware wallets directly from the official vendor. The firm noted that the victim bought the fake Trezor wallet through a \u201ctrusted seller through a popular classifieds website.\u201d<\/p>\n

Kaspersky didn\u2019t immediately respond to Cointelegraph\u2019s request to comment on exactly which reseller was involved in the incident.<\/p>\n

The issue described by Kaspersky isn\u2019t something new for the crypto community. In 2022, Trezor publicly addressed security incidents involving tampered Trezor Model T devices.<\/p>\n

According to Trezor’s blog post, the described issue was mostly present on Trezor Model T wallets, with all devices being obtained from vendors on the Russian market. The firm wrote:<\/p>\n

\u201cSome internal components had been replaced, allowing the malicious actors to spoof the device\u2019s behavior and make its security features redundant.\u201d<\/p><\/blockquote>\n

According to Trezor\u2019s official website, the firm currently has about 50 officially authorized resellers across the world. The sellers are located in many jurisdictions, including countries like Canada, the United States, Singapore, India, Israel, Belarus, Ukraine and others. There are currently no authorized Trezor wallet resellers in Russia, according to the website.<\/p>\n

Related: <\/em><\/strong>To catch a scammer: Kraken builds fake crypto account to \u2018bait\u2019 fraudsters<\/em><\/strong><\/p>\n

In addition to security measures related to supply chain, Trezor also advises its users to follow steps to authenticate their Trezor wallets, providing official guides for Model One and Model T.<\/p>\n

Trezor\u2019s software also signals any potential firmware issues through alerting the issue on the app screen.<\/p>\n

Warning on unofficial firmware on Trezor Suite. Source: Trezor<\/em><\/figcaption><\/figure>\n

\u201cWe would like to point out that we have a warning system in the Trezor Suite that alerts users if their device uses an unofficial,\u201d a spokesperson for Trezor told Cointelegraph.<\/p>\n

Magazine<\/em><\/strong>: $3.4B of Bitcoin in a popcorn tin \u2014 The Silk Road hacker\u2019s story<\/em><\/strong><\/p>\n