Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private Key

10 months ago
Tags: Bitcoin
Source: bitcoin.com

Kaspersky, the multinational cybersecurity and anti-virus provider, made a startling revelation on May 10th. According to their report, a victim of a crypto hack had unwittingly purchased a counterfeit Trezor Model T from a “trusted seller through a popular classifieds website.” The researchers at Kaspersky were able to extract the custom firmware that the hackers had installed on the device. This revealed that the private key was already known to the hackers before the victim had even purchased the machine.


It seems crypto enthusiasts need to be extra cautious about counterfeit Trezor hardware wallets circulating in the market, designed with the malicious intent of pilfering cryptocurrency holdings. This unsettling revelation underscores the imperative for heightened prudence and attentiveness when acquiring hardware devices related to digital currencies.


Kaspersky, the Russia-based cybersecurity firm, exposed this disconcerting development on May 10, 2023, subsequent to an examination of a forged Trezor Model T that had successfully stolen a victim’s virtual funds. The unsuspecting victim acquired the counterfeit Trezor from a “reliable vendor on a well-known online marketplace.”


Furthermore, the device’s packaging was meticulously sealed and utilized Trezor’s tamper-resistant holographic labels typically affixed to their products. “At first cursory glance, the wallet we examined appeared to be exactly the same as a genuine one, and showed no signs of tampering,” stated the researchers at Kaspersky. Yet, on a fateful occasion, “a large sum of money was transferred to someone else” a few weeks after the victim loaded the wallet with their cryptocurrency assets.


In an intriguing twist, Kaspersky also revealed that the fraudulent hardware wallet executed unauthorized transactions without even being connected to a computer. “When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one. However, mindful of the theft that had occurred via it, we delved deeper,” explained Kaspersky.


Image shared by the cybersecurity firm Kaspersky on May 10, 2023, showing the difference between a real Trezor (pictured left) and the phony Trezor (pictured right).


A notable cause for concern arose when the counterfeit Trezor was found to possess bootloader version 2.0.4, a bootloader release that was deliberately omitted due to previous instances involving counterfeit devices. Gaining access to the internal components proved challenging due to copious amounts of adhesive and tape, a stark departure from Trezor’s meticulous ultrasonic bonding technique.


Moreover, distinct traces of soldering were evident, alongside the presence of an “entirely different microcontroller.” Kaspersky unveiled that their experts successfully extracted the counterfeit wallet’s firmware and, through painstaking code reconstruction, made a startling revelation: “attackers indeed knew the private key in advance.” Armed with this information, the attackers could commandeer the funds through an alternate wallet employing the same private key, thereby pilfering the valuable assets.


“The fake crypto wallet would operate as normal, but the attackers had full control over it from the very beginning,” Kaspersky detailed. “According to the transaction history, they were in no hurry, waiting a whole month after the wallet was credited for the first time before they grabbed the money. The owner had no protection whatsoever: the game was lost from the very moment the money first arrived in the Trojan wallet.”


The recent revelation serves as a stark reminder that individuals invested in cryptocurrencies must exercise heightened vigilance to safeguard their valuable digital assets. Over the years, attackers have honed their techniques for pilfering crypto holdings, presenting an ever-present threat.


While hardware wallets have long been regarded as a trusted solution, users must now grapple with the risks entangled within the intricate web of supply chains and so-called reputable vendors. Kaspersky’s groundbreaking discovery underscores the pressing need for individuals to exercise utmost diligence when entrusting significant sums of funds to a hardware device.

