Kaspersky Warns Scammers Distribute Fake Trezor Wallets
iHodl.com
Scammers are now distributing fake versions of the Trezor crypto wallet through a trusted seller. In a blog post, the analysts said the fake versions even had the holographic stickers both on the box and the wallet itself.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
The experts admit: when handling the wallet, nothing felt suspicious, as all the functions worked as they should. However, when launched, the wallet showed that bootloader’s version was 2.0.4, which was never actually released due to security reasons.
Later, the analysts found that the housing of the fake version was held with liberal quantities of glue and double-sided adhesive tape instead of the ultrasonic bonding. Moreover, inside the device there was an “entirely different microcontroller showing traces of soldering,” the experts added.
Left version is original, while right — fake copy. Source: kaspersky.com
Hence, instead of the original STM32F427, the fake crypto wallet had an STM32F429 with fully deactivated microcontroller flash-memory read-out protection mechanisms.
Analysts say the fake version allowed scammers to steal over 1.3 BTC even though the wallet wasn’t connected to the Internet at the moment of the incident. This might be due to the fact that the device instead of generating a random seed phrase selected one of the 20 pre-generated seed phrases made by scammers.
Access more than 50 of the world’s financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange
Источник: ru.ihodl.com