‘Reliable’ marketplace distributed counterfeit Trezor wallets, resulting in cryptocurrency theft: Kaspersky

With the increasing demand for hardware cryptocurrency wallets, the Russian cybersecurity company Kaspersky has emphasized the necessity of utilizing genuine crypto devices.

Kaspersky cyber incident specialist Stanislav Golovanov reported on May 10 an issue involving counterfeit hardware wallets masquerading as products from the prominent wallet provider Trezor. This incident took place in March 2022.

The blog entry indicated that the fraudulent Trezor wallet enabled criminals to misappropriate Bitcoin through a modified microcontroller, which permitted attackers to gain control over the user’s private keys.

The affected individual reportedly acquired a compromised hardware wallet that claimed to be Trezor’s advanced model, the Trezor Model T. The counterfeit wallet was designed to closely resemble a legitimate Trezor Model T wallet, offering a typical range of wallet functionalities.

“While using the wallet, nothing seemed amiss: all features operated correctly, and the user interface was indistinguishable from the authentic one,” Golovanov stated.

However, the counterfeit wallet had been altered internally. According to the Kaspersky team, the attackers were able to access users’ crypto holdings by modifying the internal firmware. “The precise method of the theft remains uncertain,” Golovanov remarked, adding that the situation stemmed from a “typical supply chain attack.”

Genuine Trezor Model T wallet (on the left) versus a fake one (on the right). Source: Kaspersky

To mitigate supply chain attacks, Kaspersky’s cybersecurity professionals recommended that users purchase hardware wallets exclusively from the official vendor. The firm highlighted that the victim obtained the counterfeit Trezor wallet from a “trusted seller on a popular classifieds website.”

Golovanov refrained from naming the seller to Cointelegraph but noted that the transaction occurred via a “popular marketplace.”

“This is an advertisement platform featuring sections for general merchandise, job listings, real estate, vehicles for sale, and services. Such marketplaces are known to host fraudulent sellers who offer counterfeit or compromised devices,” the cybersecurity expert remarked.

The issue highlighted by Kaspersky is not unprecedented within the crypto community. Trezor publicly addressed the security breach involving tampered Trezor Model T devices in May 2022.

According to Trezor’s blog post, the issue primarily affected Trezor Model T wallets, with all devices being sourced from vendors in the Russian market. The firm stated:

“Some internal components had been replaced, allowing the malicious actors to spoof the device’s behavior and make its security features redundant.”

As per Trezor’s official website, the company currently has approximately 50 officially authorized resellers worldwide. These sellers are situated in various jurisdictions, including Canada, the United States, Singapore, India, Israel, Belarus, Ukraine, and others.

In addition to supply chain security measures, Trezor also recommends that users take steps to verify their Trezor wallets, providing official guides for both Model One and Model T.

Trezor’s software also indicates any potential firmware problems by displaying alerts on the app screen.

Warning on unofficial firmware on Trezor Suite. Source: Trezor

“We would like to emphasize that we have a warning system in the Trezor Suite that notifies users if their device is operating on unofficial firmware,” a spokesperson for Trezor informed Cointelegraph.
