Manipulated hardware wallets

Manipulated hardware wallets are nothing new. Why the security company Kaspersky is now publicly warning against buying the devices and how safe use is possible.

Table of Contents

Why Kaspersky warns

Manipulated hardware wallets have been known for a long time. The Russian security company Kaspersky is now also warning against careless purchase of the devices. A customer had sent in his device for examination. Kaspersky noticed a profound manipulation.

Hardware wallets are considered particularly secure. They have specially developed software and hardware designed to make it as difficult as possible for an unauthorized person to gain access to the money inside.

Hardware wallets belong to the category of cold wallets. They should store the private keys without sharing them over the Internet and thus exposing them to attacks. Only recently did the reputation of the devices falter after the manufacturer Ledger revealed unusual functions . Ledger is one of the largest producers of hardware wallets.

Kaspersky warns interested parties to be particularly careful when purchasing such a cold wallet. A customer gave the company an alleged Trezor Model T for review. In a test, Kaspersky found that the device had been deliberately tampered with to steal the unsuspecting user’s cryptocurrencies.

“Which is the real hardware wallet? Criminals have recently built modified Trezor wallets to try and steal crypto.” The company writes on Twitter and shows two different pictures. One shows the innards of a real Model T, the second the fake counterpart.

Which is the real hardware wallet? Criminals have recently been found creating modified #trezor wallets in order to attempt to siphon off #crypto.

Full story ⇒ https://t.co/eg5a51J04P pic.twitter.com/D5XkksSV1y
— Kaspersky (@kaspersky) May 15, 2023

The counterfeit device (on the right in the picture) uses a modified processor that does not offer the standard protection against unauthorized selection. The two halves of the outer shell, which were only roughly glued together, were also noticeable. The fake also uses bootloader version 2.0.4, which does not exist on authentic devices.

How to protect yourself against fake hardware wallets?

So how do you protect yourself against fake hardware wallets? According to Kaspersky and the manufacturer Trezor, this is very simple. The fake device came from a Russian retailer who was not authorized by Trezor.

Conversely, you just have to make sure that you only buy from authentic partners of the manufacturer – the same principle also applies to the hardware wallets of other brands such as Ledger.

Trezor lists all authentic partners online. Competitor Ledger also applies the same principle . If trusting a third party is still too delicate for you, you can also purchase the devices directly from the manufacturer. A seal also allows the buyer to see whether the device remained untouched during transport.

Trezor became aware of the malicious Russian retailer back in 2022 . Since then, the Czech company has increasingly relied on warning its customers at an early stage. A campaign in this regard is classified as successful, since no new counterfeits have appeared so far.