Cybersecurity researchers at Kaspersky have reported that an attacker recently stole roughly $30,000 in bitcoin from a hardware wallet. In a press release issued earlier today, the company shared details of the theft: 1.33 BTC, worth about $29,585 at the time, was transferred out of the wallet.
The investigation showed that the victim did not notice the theft immediately and that the transfer was made without their knowledge. On the day of the theft, the victim had not connected the wallet to a computer and made no transactions, so the funds moved without the device ever being used; that points away from malware on the victim's computer and toward the wallet itself.
Signs of Tampering
While the device looked perfectly normal at first glance, the investigation showed that the hardware wallet had been tampered with.
Flash memory was disabled, and the wallet contained a different microcontroller from the genuine model. In addition, the case was filled with glue and held together with double-sided tape rather than welded as authentic units are. All of this led the company's researchers to conclude that the device had been compromised before it was purchased.
The scammers had also modified the bootloader's firmware so that the keys the fake wallet generated could be recovered with far less effort than a genuine device would require, the researchers said. The wallet appeared to work properly, but from the very start the attackers had complete control over the funds it held.
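The article does not describe how the modified firmware weakened key generation, so the following is an added illustration, not Kaspersky's analysis or code. It models one hypothetical way a tampered wallet can "work" while its keys stay recoverable: genuine firmware draws a fresh 128-bit seed from the hardware RNG, while the tampered firmware picks a seed from a small pool the attacker already holds. The attacker then only has to compare funded addresses against that pool. The seed-to-address derivation is a toy hash stand-in for real BIP39/BIP32 derivation, and the pool size and its contents are constructed for the example.

```python
import hashlib
import math
import secrets
from typing import Iterable, Optional

ENTROPY_BITS = 128

# Hypothetical attacker-controlled pool, constructed for this example.
# A real tampered device could embed or deterministically derive such a list;
# its size here (4096 entries) is arbitrary.
POOL_SIZE = 4096
ATTACKER_POOL = [
    int.from_bytes(hashlib.sha256(b"example-pool-%d" % i).digest()[:16], "big")
    for i in range(POOL_SIZE)
]


def honest_seed() -> int:
    """Genuine firmware: a fresh seed from a cryptographically secure RNG."""
    return secrets.randbits(ENTROPY_BITS)


def tampered_seed() -> int:
    """Tampered firmware: looks random to the user, but every seed is one the
    attacker already knows. Using the secure RNG to choose from the pool makes
    the output indistinguishable from honest output by inspection alone."""
    return secrets.choice(ATTACKER_POOL)


def address_from_seed(seed: int) -> str:
    """Toy derivation of a public address from a seed (stand-in for the real
    mnemonic -> master key -> secp256k1 public key -> address chain)."""
    return hashlib.sha256(seed.to_bytes(ENTROPY_BITS // 8, "big")).hexdigest()[:40]


def recover_seed(address: str, pool: Iterable[int]) -> Optional[int]:
    """What the attacker does: watch for a funded address and test it against
    every seed in the pool. Returns the matching seed, or None if the address
    was not produced from the pool."""
    for candidate in pool:
        if address_from_seed(candidate) == address:
            return candidate
    return None


def search_space_bits(pool_size: Optional[int] = None) -> float:
    """Work factor for recovering one key: log2 of the seed space.
    None means the honest device (full entropy); an int means a pool."""
    if pool_size is None:
        return float(ENTROPY_BITS)
    return math.log2(pool_size)


def demo() -> dict:
    """Run both devices through the attacker's recovery step."""
    tampered = tampered_seed()
    honest = honest_seed()
    return {
        "tampered_recovered": recover_seed(address_from_seed(tampered), ATTACKER_POOL) == tampered,
        "honest_recovered": recover_seed(address_from_seed(honest), ATTACKER_POOL) is not None,
        "honest_bits": search_space_bits(),
        "tampered_bits": search_space_bits(POOL_SIZE),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is that nothing observable to the user differs: both devices produce valid-looking addresses and sign transactions normally. The only difference is the size of the space an attacker must search, which collapses from 2^128 to a few thousand candidates, so the thief can wait until the address is funded and then spend from it without ever touching the device again.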
Preventable Attacks
Hardware wallets (a form of "cold wallet") are generally considered the safest way to store crypto. Unlike "hot wallets" (software wallets such as mobile apps), a hardware wallet keeps the private keys on the device itself, so compromising the phone or computer it is plugged into does not by itself expose them.
That is why many crypto enthusiasts treat hardware wallets as a safe and secure way to store their digital assets, assuming they are foolproof. That holds only if the device is acquired from a verified, trusted source and reaches the buyer untampered; a device that was modified somewhere in the supply chain gives the attacker the keys regardless of how carefully the owner uses it.
The researchers therefore advise users to check new devices for signs of tampering, such as glue or scratches, and to verify that the wallet's firmware is legitimate and up to date by comparing it against the information published on the manufacturer's official website.