Hardware wallets are used as the safest way to store digital assets. However, even the most advanced hardware wallets on the market carry risks. Cybersecurity firm Kaspersky has shared details of a hardware wallet theft that resulted in the loss of 1.33 BTC worth approximately $29,585.
According to a recent investigation by Kaspersky, crypto assets were stolen from a hardware wallet. This counts as important evidence that cybercriminals are developing new tactics to maximize their profits. The cold wallet of the victim of the incident in question was not connected to the computer that day and the victim had not taken any action. For this reason, the person did not immediately notice the theft. Meanwhile, the scammers managed to transfer 1.33 BTC worth approximately $29,585.
Despite the fact that the examined copy looked identical to the original, when the device was turned on, traces of malicious people appeared. The wallet had a different microcontroller with read protection mechanisms instead of the original one. However, the flash memory was completely disabled. This led Kaspersky researchers to conclude that the victim purchased a previously infected hardware wallet.
Hardware wallet attack
The attackers made three separate changes to the original software of the bootloader and wallet. By unchecking the protective mechanisms, the attackers replaced the randomly generated seed phrase with one of 20 preset phrases. Stanislav Golovanov, Kaspersky Cyber Case Investigator, said:
Hardware wallets have long been considered one of the safest ways to store cryptocurrencies. But cybercriminals have found new ways to seize their assets by selling infected or counterfeit devices to unsuspecting victims. It is possible to completely prevent such attacks. We strongly advise users to purchase hardware wallets only from official and reliable sources to minimize risk.
Kaspersky experts recommend the following for those who want to keep their crypto assets safe:
Buy your wallet from official sources. Make sure to only buy hardware wallets from official and reliable sources, such as the manufacturer’s website or authorized resellers.
Check the hardware for signs of tampering. Before using a new hardware wallet, inspect it for any signs of tampering, such as scratches, glue, or incompatible components. Verify the firmware. Always verify that the firmware in the hardware wallet is legitimate and up to date. You can do this by checking the manufacturer’s website for the latest version.Secure your seed phrase. When setting up your hardware wallet, be sure to write your seed phrase and keep it safe. A reliable security solution like Kaspersky Premium will protect your crypto information stored on your mobile phone or computer.
Use a strong password. If your hardware wallet allows using a password, use a strong and unique password. Avoid using easily guessable passwords or reusing passwords from other accounts.