- Open source code of Trezor Wallets allows hackers to build closely resembling software and interface. Hardware can be copied or repurposed from original Trezor wallets.
- Kaspersky has been detecting fake hardware wallets for the last three years, with most of them being sophisticated lookalikes of Trezor.
- These hardware wallets come pre-loaded with seed phrases, which, when activated, allow hackers to steal crypto from your wallets.
- Most genuine wallets allow users to set these phrases when setting up their wallets, which can be changed later when creating a new wallet.
Table of Contents
Hackers Using Fake Trezor Wallets to Steal Crypto
Hackers have been shipping fake crypto harware wallets which come with pre-loaded seed phrases. Once the user activates this wallet and loads crypto, it then gets stolen by the hacker who has been monitoring the wallet address all along.
Kaspersky has been detecting fake hardware wallet since May 2023 when during a case study it revealed that user who believed to have bought a Trezor Model T had indeed got a fake hardware wallet where seed phrases were preloaded.
Also Read: Native Multisig Could Have Prevented the $270 Million Drift Protocol Hack
How Fake Hardware Wallets are Created?
Trezor Model T uses the STM32F427 microcontroller, a chip that can be bought from the open market. The case can be 3D printed or repurposed from a genuine hardware wallet. In other cases, original wallet hardware can also be repurposed for the same.
The software can be copied from code repositories, as Trezor open sources it’s software.
The result is a treasure look alike wallet, which has been set up by hackers to steal crypto the moment it is used by a genuine user.
As most crypto users are not tech professionals themselves, it becomes quite hard for them to identify a fake one.
How to Spot a Fake Hardware Wallet?
The only way we could find a way to spot a fake hardware wallet was through seeing whether the seed phrases and the Blockchain address has been pre-set in the wallet. If seed phrases were pre-loaded, the wallet is compromised.
Generally, any cryptocurrency wallet, asks you to set up your wallet onc.e you activated it. This set up process contains a step where you create a 24 word or 12 word seed phrase through a protocol such as BIP 39. Further, the wallet allows you to change it anytime with the wallet address (by creating a new wallet).
DISCLAIMER: All information presented on A2Z Cryptocurrencies (https://a2zcryptocurrencies.com) is purely for informational and educational purposes and does not amount to financial advice in any way. Please consult a financial advisor before investing.
