Victim using a hardware wallet to store their cryptocurrency got ripped off for almost $30,000 worth of digital money. Security experts at Kaspersky found that the victim bought a tampered Trezor model T hardware wallet that had been messed with by cybercriminals. The wallet looked like the real deal, but it wasn’t properly put together and was held together with glue and tape.
Further research uncovered that the attackers made changes to the firmware of the bootloader and wallet, disabling protective mechanisms, replacing the seed phrase with one of 20 pre-set phrases, and only using the first character of any additional password. They then had 1280 different options to access the fake wallet’s key, giving them complete control over it from the start without being detected.
Hardware wallets store digital assets. So as long as cyber criminals know your pre-set phrase, they have full access to your wallet and can transfer the money using other device or software.
Similar incidents are quite common. To keep your crypto assets safe, they recommend buying hardware wallets only from authorized sources, checking for signs of tampering, verifying the firmware, and securing seed phrases with a strong password.
Never buy second -hand hardware wallets as you might never know if they are tampered with.