‘Trusted’ marketplace sold fake Trezor wallets stealing crypto: Kaspersky

Amid the rising popularity of hardware cryptocurrency wallets, the Russian cybersecurity firm Kaspersky has reminded users about the importance of using authentic crypto devices.

Kaspersky cyber incident expert Stanislav Golovanov on May 10 reported on an issue with fake hardware wallets impersonating major wallet firm Trezor. The incident occurred in March 2022.

According to the blog post, the fake Trezor wallet allowed fraudsters to steal Bitcoin (BTC) via a replaced microcontroller, which enabled attackers to take over control of the user’s private keys.

The victim reportedly purchased a tampered hardware wallet that posed as Trezor’s advanced crypto wallet Trezor Model T. The fake wallet appeared to be exactly the same as a genuine Trezor Model T wallet, providing a standard set of wallet functions.

“When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one,” Golovanov wrote.

The fake wallet had been tampered with from the inside, though. According to the Kaspersky team, attackers managed to access users’ crypto assets by replacing the inner firmware. “The actual mechanism of the theft remains unclear,” Golovanov noted, adding that the issue was caused by a “typical supply chain attack.”

Genuine Trezor Model T (on the left) wallet versus a fake one (on the right). Source: Kaspersky

To prevent supply chain attacks, Kaspersky’s cybersecurity experts advised users to only buy hardware wallets directly from the official vendor. The firm noted that the victim bought the fake Trezor wallet through a “trusted seller through a popular classifieds website.”

Golovanov declined to specify the name of the seller to Cointelegraph, but mentioned that the purchase was made through a “popular marketplace.”

“This is an advertisement website with sections devoted to general goods for sale, jobs, real estate, cars for sale, and services. Such marketplaces are known to have fraudulent sellers who resell fake or infected devices,” the cybersecurity expert noted.

The issue described by Kaspersky isn’t something new for the crypto community. Trezor publicly addressed the security incident involving tampered Trezor Model T devices in May 2022.

According to Trezor’s blog post, the described issue was mostly present on Trezor Model T wallets, with all devices being obtained from vendors on the Russian market. The firm wrote:

“Some internal components had been replaced, allowing the malicious actors to spoof the device’s behavior and make its security features redundant.”

According to Trezor’s official website, the firm currently has about 50 officially authorized resellers across the world. The sellers are located in many jurisdictions, including Canada, the United States, Singapore, India, Israel, Belarus, Ukraine and others.

In addition to security measures related to the supply chain, Trezor also advises its users to follow steps to authenticate their Trezor wallets, providing official guides for Model One and Model T.

Trezor’s software also signals any potential firmware issues by displaying an alert on the app screen.

Warning on unofficial firmware on Trezor Suite. Source: Trezor

“We would like to point out that we have a warning system in the Trezor Suite that alerts users if their device uses an unofficial firmware,” a spokesperson for Trezor told Cointelegraph.
