Robert Steinadler, 13 days ago
Hardware wallets are the top-notch solution to keep cryptocurrencies and NFTs safe and sound. The devices are designed to provide a secure environment that is immune to remote access by any attacker. Therefore, most influencers, the broader media, and crypto communities recommend using a hardware wallet. Beginners especially are told to use them to store their crypto. This is sound advice, given that crypto worth billions of dollars has been lost since the inception of Bitcoin.
However, a report from Kaspersky raises the question of whether hardware wallets are more vulnerable than we all thought.
Make no mistake, it is not easy to crack a hardware wallet, if it is possible at all. In the last 6 years, several reports showed that hardware wallets from different manufacturers suffer from vulnerabilities. The good news is that none of these attack vectors matter in the wild. The wallets got cracked, but exploiting them takes a lab and a lot of time. A hacker who is looking to steal crypto typically doesn’t have what is needed: physical access, industry-grade equipment, and a lot of time.
However, there is one valid attack vector because it provides the criminals with all three mentioned components. In a supply chain attack, the hacker delivers manipulated devices to the victim. The attacker buys a device on the open market and starts working on it. Once finished, the attacker can offer that device on the secondary market to his victims.
This is why crypto enthusiasts are told to buy their devices directly from the manufacturer or a certified reseller. They usually make sure that the device is delivered tamper-proof. However, should the package arrive broken, the manufacturer or reseller will usually provide a new device and check whether the other one got hacked.
Yesterday, Kaspersky raised the alarm on hardware wallets from the manufacturer Trezor. Apparently, the security company found a device that was professionally manipulated. In this case, the attacker opened the casing, replaced parts of the chipset, and reprogrammed the wallet.
According to the report, this allowed the hacker to know the private keys before they were generated by the victim. Once enough crypto has accumulated on the wallet, the criminals can decide to withdraw the funds, with the victim being totally unaware and helpless against the attack.
The good news is that Trezor said that the device is likely from an unauthorized Russian reseller who tried to trick people in 2022. According to Trezor, no other cases were reported involving a supply chain attack. Instead, Kaspersky found an old device and created a lot of buzz.
However, it is always recommended to stay vigilant and follow security advice on how to store crypto safely. If you would like to dig deeper into this topic, we recommend reading our articles about password security, how to take self-custody, and how to set up a Bitcoin wallet. You can also check out the introduction to account security and all the other great educational material we have prepared.
Featured image: © Nataly Gejdos / Shutterstock.com