One of the methods cryptocurrency holders use to protect their funds from cybercriminals and their malicious activities is the cold wallet. These are devices similar to USB flash drives that are not connected to the Internet, although they must be connected in order to carry out transactions.
However, it seems this formula is not as safe as it was made out to be, at least judging by a strange incident reported by the security company Kaspersky.
According to the Russian-founded company, cybercriminals extracted 1.33 bitcoins, worth $29,585, from a cold wallet on a day when its owner made no transactions and the hardware was not connected to the network. As a result, the victim did not realize what had happened until later.
Kaspersky analysts found that the device had been tampered with: instead of the usual solder joints it showed glue and double-sided tape, and the components inside differed from the originals.
What had happened? Had someone physically accessed the hardware in the owner's absence? The explanation is much simpler: without realizing it, the victim had bought an already infected wallet from the seller.
Although the user found no faults and everything seemed to work normally, the cybercriminals had controlled the device from the start.
The threat actors made three modifications to the original firmware, removing the protection checks and replacing the randomly generated seed phrase. In this way they gained control of the wallet's keys.
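To see why a replaced seed phrase is enough to drain a wallet without ever touching the device again, the following Python script (an added illustration, not code from the article or from Kaspersky's analysis) walks through the standard BIP39 and BIP32 steps with nothing but the standard library. It assumes the tampered firmware shows the buyer a phrase the seller already knows; the BIP39 reference test vector (twelve words of all-zero entropy, plus the "TREZOR" passphrase from the published vectors) stands in for that pre-loaded phrase, and `same_wallet` is a helper written for this example.

```python
"""
Why a pre-known seed phrase hands over the wallet: the phrase deterministically
fixes the master key, and therefore every address the wallet will ever use.
Added illustration; BIP39 (mnemonic -> seed) and BIP32 (seed -> master key)
are implemented as specified, nothing else is assumed about any real device.
"""
import hashlib
import hmac
import unicodedata

# Constructed value: the published BIP39 test-vector mnemonic (entropy of all
# zero bytes) stands in for a seed phrase a tampered device might pre-load.
PRELOADED_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase),
    2048 rounds, 64 bytes. Both inputs are NFKD-normalised as the spec requires."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple:
    """BIP32: HMAC-SHA512 keyed with b"Bitcoin seed" over the seed.
    Left 32 bytes = master private key, right 32 bytes = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def same_wallet(mnemonic_a: str, passphrase_a: str,
                mnemonic_b: str, passphrase_b: str) -> bool:
    """True when both (mnemonic, passphrase) pairs yield the same master private
    key, i.e. whoever holds pair B controls every key derived for wallet A."""
    key_a, _ = bip32_master_key(bip39_seed(mnemonic_a, passphrase_a))
    key_b, _ = bip32_master_key(bip39_seed(mnemonic_b, passphrase_b))
    return hmac.compare_digest(key_a, key_b)


def demo() -> None:
    # The victim's device "generates" the pre-loaded phrase; the seller kept a copy.
    victim_key, _ = bip32_master_key(bip39_seed(PRELOADED_MNEMONIC))
    seller_key, _ = bip32_master_key(bip39_seed(PRELOADED_MNEMONIC))
    print("seller reproduces victim's master key:", victim_key == seller_key)

    # A user-chosen BIP39 passphrase changes the derived key entirely ...
    print("passphrase-protected wallet matches seller's key:",
          same_wallet(PRELOADED_MNEMONIC, "user-chosen passphrase",
                      PRELOADED_MNEMONIC, ""))
    # ... but it is typed into the same device, so malicious firmware can see it
    # too. Buying from a trusted vendor and inspecting the hardware is the
    # defence that actually removes this attack.


if __name__ == "__main__":
    demo()
```

Running the script prints `True` for the first line and `False` for the second: the seller needs no network access and no later contact with the device, because the seed phrase alone is the wallet. The passphrase case is shown only to make the derivation concrete; since it is entered on the same tampered hardware, it is not a substitute for the vendor-trust and physical-inspection advice that follows.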
Buy wallets only from trusted vendors
“Hardware wallets have long been considered one of the most secure ways to store cryptocurrency, but cybercriminals have found new ways to exploit them by selling tampered devices. It’s something that can be prevented,” explains Stanislav Golovanov, an expert in cyber incident analysis at Kaspersky.
“We recommend buying cold wallets only from official and trusted sites to minimize risks,” he concludes.
The cybersecurity company also advises checking the purchased wallet for signs of tampering, such as scratches or glue. It further suggests keeping the firmware up to date, securing the seed phrase when setting up the device, and using a unique, strong password (one not reused in other services or applications).