Robert Steinadler, 13 days ago

Are hardware wallets safe? Kaspersky’s alarming report raises questions

Hardware wallets are the top-notch solution to keep cryptocurrencies and NFTs safe and sound. The devices are designed to provide a secure environment that is immune to remote access by any attacker. Therefore, most influencers, the broader media, and crypto communities recommend using a hardware wallet. Especially beginners are being told to use them to store their crypto. This is only sound advice given the fact that crypto worth billions of dollars got lost since the inception of Bitcoin.

However, a report from Kaspersky raises the question if hardware wallets are more vulnerable than we all thought. 

Supply chain attacks

Make no mistake, it is not easy to crack a hardware wallet, if possible. In the last 6 years, several reports showed that hardware wallets from different manufacturers suffer from vulnerabilities. The good news is that all these attack vectors don’t matter in the wild. The wallets got cracked, but it needs a lab and a lot of time to exploit them. This is something a hacker who is looking to steal crypto typically doesn’t have. Physical access, industry-grade equipment, and a lot of time.

However, there is one valid attack vector because it provides the criminals with all three mentioned components. In a supply chain attack, the hacker delivers manipulated devices to the victim. The attacker buys a device on the open market and starts working on it. Once finished, the attacker can offer that device on the secondary market to his victims.

This is why crypto enthusiasts are told to buy their devices directly from the manufacturer or a certified reseller. They usually make sure that the device is delivered temper-proof. However, should the package arrive broken, the manufacturer or reseller will usually provide a new device and check on the other if it got hacked.

Kaspersky is late to the party

Yesterday, Kaspersky raised the alarm on hardware wallets from the manufacturer Trezor. Apparently, the security company found a device that was professionally manipulated. In this case, the attacker opened the casing, replaced parts of the chipset, and reprogrammed the wallet.

According to the report, this allowed the hacker to know the private key before they were generated by the victim. Once enough crypto is compounded on the wallet, the criminals can decide to withdraw the funds, with the victim being totally unaware and helpless against the attack.

The good news is that Trezor said that the device is likely from an unauthorized Russian reseller who tried to trick people in 2022. According to Trezor, no other cases were reported involving a supply chain attack. Instead, Kaspersky found an old device and created a lot of buzz.

However, it is always recommended to stay vigilant and follow security advice on how to store crypto safely. Suppose you like to dig deeper into this topic. In that case, we recommend reading our articles about password security, how to take self-custody, and how to set up a Bitcoin wallet. You also check out the introduction to account security and all the other great educational material we have prepared.  

Featured image: ©  Nataly Gejdos /

Featured articles
Four trading strategies for crypto
Bitcoin and Ethereum: what are the differences?
What determines the Bitcoin price?
Related articles
Sharing Shards: Ledger Recover sparks controversy

May 16, 2023

Creating reliable backups of one’s hardware wallets is perhaps the most important thing. This is usually done by writing down a so-called seed phrase consisting of 24 words. Losing this recovery phase means losing access to the wallet if it is lost or physically damaged. A couple of methods are available to ensure the seed is kept safe. Some users go so far as to engrave them in steel plates to make them fire and waterproof. 

Trade anytime, anywhere

Boost your trading impact and reaction time in over 80+ cryptocurrencies via instant access to your portfolio with the LiteBit app.

App Store
Google Play Store
  • 2525 Ventures B.V.
  • 3014 DA Rotterdam
  • The Netherlands
More info
  • About LiteBit
  • Support
  • Sell
  • News
  • Education
Subscribe for updates

Sign up to stay informed via our email updates

Explore popular coins
© 2023 LiteBit - All rights reserved