Almost US$30k stolen via fake hardware wallet, Kaspersky investigation shows
Cryptocurrency investors often turn to hardware wallets as a secure way to store their digital assets, assuming that they are impenetrable. However, even the most advanced hardware wallets on the market may not be foolproof, and there are still risks associated with using fake or infected devices. Kaspersky has shared the details behind the incident of cryptocurrency theft involving a hardware wallet, which resulted in the loss of 1.33 BTC worth US$29,585.
Hardware wallets, also known as 'cold' wallets, store cryptocurrency keys on a device the size of a USB stick, which must be plugged into a computer to send crypto or interact with decentralised finance protocols. As a result, these devices are generally considered safer than 'hot' wallets that are connected to the Internet at all times.
However, a recent investigation by Kaspersky revealed a rare case of theft of assets from a hardware wallet, demonstrating how cybercriminals are coming up with new tactics to maximise their profits. The victim did not make any transactions that day, and the cold wallet was not connected to the computer. Thus, the victim did not immediately notice the theft, and the fraudster transferred 1.33 BTC (worth around US$29,585) without the victim's knowledge.
Although the copy we studied appeared identical to the original, the device showed signs of malicious tampering once it was opened. Rather than being welded together ultrasonically like genuine hardware wallets, each half of the device was filled with glue and held together with double-sided tape. Additionally, in place of the original microcontroller, the wallet had a different one with read protection mechanisms and the flash memory completely disabled. This led the company's researchers to conclude that the victim had purchased a hardware wallet that had already been infected.
The attackers made only three changes to the original firmware of the bootloader and the wallet itself. They removed the control of protective mechanisms, replaced the randomly generated seed phrase with one of 20 preset phrases, and used only the first character of any additional password. This left the attackers with a total of only 1,280 possible keys to try per wallet.
Thus, the attackers were able to carry out the operation while the disabled crypto wallet was lying in the owner's safe. The crypto wallet seemed to work as usual, but from the very beginning, the scammers had complete control over it.
“Hardware wallets have long been considered one of the safest ways to store cryptocurrency, but cybercriminals have found new ways to benefit by selling infected or fake devices to unsuspecting victims. Such attacks are totally preventable. Hence, we strongly advise users to only purchase hardware wallets from official and trusted sources to minimise the risk,” said Stanislav Golovanov, Cyber Incidents Investigation Expert at Kaspersky.
www.intelligentcxo.com