In the world of cryptocurrency, security is paramount. A recent incident involving a Trezor hardware wallet highlights the risks of storing Bitcoin and other digital assets in a vulnerable wallet. The victim, in this case, lost 1.33 BTC, just a month after acquiring the hardware and depositing funds.
Crypto wallets are software programs or hardware devices that allow users to securely store, manage, and interact with their cryptocurrencies. Among the various types of wallets are software wallets, hardware wallets, and paper wallets.
Software wallets offer direct control over private keys and are more secure than online wallets. Hardware wallets offer enhanced security by isolating the keys from internet-connected devices. Paper wallets are kept offline and provide a cold storage option. Choosing the right wallet depends on factors such as security, convenience, the number of cryptocurrencies supported, and the user’s needs and preferences.
According to the source, the attack was launched even before the victim bought the wallet. The hacker was able to distort the inner design and components of the wallet, which were not visible from the external container.
Disjointed internal components
During the examination of the wallets, it was discovered that the wallet of the victim appeared exactly as the original Trezor wallet, and was also purchased from a trusted seller. Other features such as the holographic stickers on the box were part of the externals of the wallet. However, when the wallet was inserted into a computer system to initiate operations, it displayed firmware version 2.4.3 and bootloader version 2.0.4. Further search revealed that the vendor of the wallet never released a bootloader version 2.0.4.
From the Github records, this version of the Trezor wallet was not released to the public as the company said that it was already tampered with as fake products were in the market.
Looking into the inner components of the wallet were some anomalies including soldering debris, fake glue used to hold the components together, and in place of STM32F427 microcontrollers, the wallet had an STM32F429 which was also deactivated. The wallet according to the source was confirmed hacked at this point.
Stealing the bitcoin
The source added that the process used by the attacker to steal the Bitcoin while the wallet was offline was possible as the attacker had access to the private key of the wallet. The tampering of the bootloader, which is a protection mechanism in the wallet, made it possible for the attacker to “get red screen” detection whenever the wallet is being used.
Secondly, whenever the owner of the wallet needs to reset the seed phrase of the wallet, the owner will automatically use an already installed 20-word seed phrase. This means that the owner would use this as the first seed phrase after resetting, but the attacker has it already.
Lastly, if the owner wants to create a password lock, they can only use “a…z, A…Z, 0…9, or ! for any special character.” This limits any password probability to only 1280 options which can be traced by the attacker.
Further inquiries about what happened revealed that Trezor, the producer of the Trezor wallet, had made an earlier announcement about the Trezor Model T wallet, which was what the victim bought from a certified seller. The wallet company made it clear that there was a security issue with the structure of the wallet.