‘Trusted seller’ vends fake Trezor wallets stealing crypto: Kaspersky

Amid the increasing popularity of hardware cryptocurrency wallets, the Russian cybersecurity company Kaspersky has actually advised users about the importance of utilizing authentic crypto devices.Kasperskys cyber event specialist Stanislav Golovanov on May 10 reported on an issue with phony hardware wallets impersonating major wallet company Trezor.According to the post, the phony wallet permitted scammers to steal Bitcoin (BTC) by means of a changed microcontroller, which made it possible for attackers to take control of control of the users private keys.The victim reportedly purchased a tampered hardware wallet that impersonated Trezors innovative crypto wallet Trezor Model T. The phony wallet seemed exactly the very same as a genuine Trezor Model T wallet, providing a basic set of wallet functions. ” When dealing with the wallet, absolutely nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the initial one,” Golovanov wrote.The phony wallet was tampered from the inside. According to the Kaspersky group, aggressors managed to gain access to users crypto possessions by replacing the inner firmware. “The real mechanism of the theft stays unclear,” Golovanov noted, including that the problem was triggered by a “typical supply chain attack.” Genuine Trezor Model T (on the left) wallet versus a fake one (on the right). Source: KasperskyTo avoid supply chain attacks, Kasperskys cybersecurity specialists encouraged users to just buy hardware wallets straight from the main vendor. The company noted that the victim bought the fake Trezor wallet through a “trusted seller through a popular classifieds website.” Kaspersky didnt instantly respond to Cointelegraphs request to comment on exactly which reseller was associated with the incident.The issue described by Kaspersky isnt something brand-new for the crypto community. In 2022, Trezor publicly addressed security occurrences involving tampered Trezor Model T devices.According to Trezors post, the described problem was mainly present on Trezor Model T wallets, with all gadgets being obtained from suppliers on the Russian market. The firm composed:” Some internal elements had been replaced, allowing the destructive stars to spoof the gadgets habits and make its security features redundant.” According to Trezors main site, the company presently has about 50 officially authorized resellers throughout the world. The sellers are located in many jurisdictions, including countries like Canada, the United States, Singapore, India, Israel, Belarus, Ukraine and others. There are currently no licensed Trezor wallet resellers in Russia, according to the website.Related: To catch a scammer: Kraken develops phony crypto account to bait fraudstersIn addition to security measures related to provide chain, Trezor likewise encourages its users to follow actions to validate their Trezor wallets, offering official guides for Model One and Model T.Trezors software application likewise indicates any potential firmware problems through signaling the concern on the app screen.Warning on unofficial firmware on Trezor Suite. Source: Trezor” We wish to mention that we have a warning system in the Trezor Suite that notifies users if their gadget utilizes an informal,” a spokesperson for Trezor told Cointelegraph.Magazine: $3.4 B of Bitcoin in a popcorn tin– The Silk Road hackers story

Other Questions People Ask

What should users consider when purchasing from a ‘trusted seller’ to avoid fake Trezor wallets?

When buying a Trezor wallet, users should ensure they purchase directly from the official vendor or authorized resellers. Kaspersky's report highlights that even transactions through 'trusted sellers' on popular classifieds websites can lead to acquiring counterfeit devices. It's crucial to verify the seller's legitimacy and check for any reviews or feedback from previous customers to avoid falling victim to scams.

How can users identify a fake Trezor wallet sold by a ‘trusted seller’?

Identifying a fake Trezor wallet can be challenging, as counterfeit products may closely resemble genuine ones. Users should look for discrepancies in packaging, documentation, and the wallet's functionality. Additionally, Trezor provides official guides for verifying their wallets, which can help users confirm the authenticity of their device before use.

What risks are associated with buying a Trezor wallet from a ‘trusted seller’?

Buying a Trezor wallet from a 'trusted seller' carries significant risks, including the potential for receiving a tampered device that can compromise users' crypto assets. Kaspersky's findings indicate that attackers can manipulate the internal firmware of counterfeit wallets, allowing them to steal private keys. Users must be vigilant and ensure they are purchasing from verified sources to mitigate these risks.

What steps can users take to protect themselves from counterfeit Trezor wallets sold by ‘trusted sellers’?

To protect themselves, users should only buy hardware wallets directly from Trezor or its officially authorized resellers. They should also familiarize themselves with Trezor's security features and validation processes for their wallets. Regularly checking for firmware updates and using the Trezor Suite's warning system can further enhance security against potential threats from counterfeit devices.

Why is it important to avoid purchasing Trezor wallets from unofficial sources or ‘trusted sellers’?

Avoiding unofficial sources is crucial because counterfeit Trezor wallets can lead to significant financial losses due to theft of cryptocurrency. Kaspersky's report emphasizes that even seemingly reputable sellers can unknowingly distribute tampered devices. By purchasing only from official channels, users can ensure they receive a secure and authentic product, safeguarding their crypto investments.