We’ve written many times in the past about cryptocurrency traders being targeted by mind-boggling attack methods, some of which were not that common last year. But now investors need to be much more careful. Recent events reveal how investors are being targeted, especially through advertisement sites.
Cryptocurrency Attacks
Cryptocurrency, which is easy to steal and cash out, is one of the favorite areas for attackers. For this reason, serious investors often use hardware wallets to protect their crypto investments. This way, they can be sure that their assets are safe. There are even companies and investors who store these hardware wallets in private vaults.
But there is a problem. These wallets store private keys away from vulnerable computers and smartphones and make signing transactions much more secure, but there is no such thing as 100% security. Risks such as physical attacks and fake hardware wallets target this group of investors. Recent reports confirm this.
Second Hand Crypto Hardware Wallets
What do you do when you want to buy a cryptocurrency hardware wallet? Usually, what you do is a quick search on the internet. Details such as price, features, shipping options, etc. are standard for other online purchases and buyers check them. Even more affordable prices on second-hand sites for gently used or unboxed devices can be tempting to investors. But there is a problem here. Second-hand hardware wallets or unboxed wallets sold at a more affordable price can cause you to lose all your money.
This recently happened to a user who bought a Trezor Model T on a classifieds site. The seller of the Trezor Model T has implemented a wide range of security measures that should theoretically reliably protect the device from attackers. Both the box and the unit housing are sealed with holographic stickers, the microcontroller flash memory is in read-protect mode. The bootloader checks the digital signature of the firmware and if an anomaly is detected, it displays a non-genuine firmware message and deletes all data in the wallet. Accessing the device and confirming transactions requires a PIN code, which is used to encrypt the storage where it is stored. Optionally, in addition to the PIN, you can protect your master access key with a password according to the BIP-39 standard.
The hardware wallet above looked safe at first glance. But in fact, the Trezor Model T, which was sold as a closed box, was actually a trap. In a review by Kaspersky, cybersecurity experts said;
“The casing was difficult to open: the two halves were held together with copious amounts of glue and double-sided adhesive tape, rather than the ultrasonic bonding used on factory-made Trezors. Even more interestingly, inside was a completely different microcontroller showing traces of solder! Instead of the original STM32F427, the unit had an STM32F429 with completely disabled microcontroller flash memory read protection mechanisms (RDP 0 instead of RDP 2 on the original Trezors). Thus, the fake crypto wallet theory was proven correct: This was a classic supply chain attack in which an unsuspecting victim bought an already hacked device.”
This is why you should place your orders directly with the manufacturer and stay away from second-hand hardware wallets. The most popular brand for hardware wallets is Ledger and you can click here to order directly from the manufacturer and safely move your cryptocurrencies to your hardware wallet.
