
Hackers stole about $30,000 in Bitcoin via counterfeit hardware wallet
Unknown criminals forged a hardware cryptocurrency wallet and siphoned off 1.33 BTC ($29,585 at the time of analysis).
The thieves were able to steal the funds while the offline device lay in the owner’s safe. On the day of the theft the victim did not perform any operations with it, so the breach went unnoticed for some time.
According to experts, the victim had purchased a compromised hardware wallet whose factory packaging and holographic stickers appeared intact and raised no suspicion.
Upon opening the device, technicians found signs of malicious tampering.
"Instead of ultrasonic welding, the wallet halves were sealed with glue and fastened with double-sided tape. They replaced the original microcontroller with their own, with modified firmware and bootloader, removing control of protective mechanisms," they said.

From the outset, the attackers fully controlled the device.
During initialization or when resetting the wallet, a randomly generated seed phrase was replaced with one of 20 pre-created seeds stored in the fraudulent firmware.
Moreover, if the owner had set an additional password to protect the master key, only its first character was used. Thus, to obtain the key to a specific fake wallet, the attackers needed to try just 1,280 variants.
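The two firmware behaviours described above can be modelled to show what a buyer-side check would catch. This is an added example, not code from the analysis or from any wallet vendor. It assumes the wallet follows the BIP-39 seed derivation and that the tampered firmware picks uniformly from its pool; the function names and sample passphrases are hypothetical.

```python
import hashlib
import unicodedata

POOL_SIZE = 20  # pre-created seeds in the counterfeit firmware, per the article

# Public BIP-39 test mnemonic, used here only as constructed sample input.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    salt = "mnemonic" + passphrase, both inputs NFKD-normalised."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048
    )


def tampered_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Model of the flaw described in the article: the firmware keeps
    only the first character of the owner's passphrase."""
    return bip39_seed(mnemonic, passphrase[:1])


def passphrase_is_honoured(derive, mnemonic: str) -> bool:
    """Two passphrases that share a first character must still lead to
    different seeds. On a real device the comparison would be made on
    the receive addresses it displays (assumption of this sketch)."""
    return derive(mnemonic, "correct horse") != derive(mnemonic, "c0mpletely other")


def repeat_probability(resets: int, pool: int = POOL_SIZE) -> float:
    """Chance that `resets` wipe-and-initialise cycles show the same seed
    phrase at least twice when seeds come from a fixed pool (uniform
    choice assumed). An honest 128-bit generator should never repeat."""
    p_all_distinct = 1.0
    for i in range(resets):
        p_all_distinct *= max(pool - i, 0) / pool
    return 1.0 - p_all_distinct


if __name__ == "__main__":
    print("honest firmware honours passphrase:",
          passphrase_is_honoured(bip39_seed, SAMPLE_MNEMONIC))
    print("tampered model honours passphrase:",
          passphrase_is_honoured(tampered_seed, SAMPLE_MNEMONIC))
    for n in (3, 6, 10):
        print(f"{n} resets -> repeat seen with p = {repeat_probability(n):.3f}")
```

Any repeated seed phrase across resets, or identical addresses for two different passphrases, is a reason to stop using the device.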
"While hardware wallets are considered among the most secure ways to store cryptocurrency, attackers have found a way to compromise them — by selling infected or counterfeit devices".
Earlier in February, MetaMask warned about phishing attacks sent from counterfeit company addresses.