Blockchain security firm Kaspersky has revealed how attackers using a fake Bitcoin (BTC) cold wallet defrauded a user.
Kaspersky A detailed cybersecurity and Bitcoin scam report shared by the company included the details of a mind-blowing theft. The company, which started its investigations after a complaint from a user, assumed that the user bought it from a reliable seller, assuming it was genuine. Trezor Model Tin fact running like a trojan horse realized that it was equipped with a malware. The Kaspersky team detailed the situation with the following statements:
At first glance, the wallet we reviewed looked exactly the same as an original wallet and showed no signs of tampering. The unit was purchased from a trusted seller through a popular classifieds site and the holographic stickers on the box and wallet were all present and undamaged.
The user, who is the victim of fraudsters, may be in the physical structure of the product or in the application. at the interface no difference or in a suspicious situation did not come across. This is not due to the carelessness of the user, but to the fraudsters. from your mastery was due. The small deficit of the fraudsters who managed to make a copy in appearance and in practice. As a result of detailed research revealed.
Version detail and suspicious traces on the processor
Compared to the original Model T of the device two difference appeared. The first one is specified at the top in the application interface. “Version 2.0.4” was the phrase. When Kaspersky analysts analyzed this data, Trezor’s GitHub He faced a remarkable fact on his page. The company realized that the scammers were making transactions under this version. Never released version 2.0.4 and deliberately skipped ahead with 2.0.5. Of course, this small detail was lost in the eyes of the user.
Another concrete indicator is inside the device when opened it was noticed. Inside the device, shouldn’t be cheap quality adhesives And solder scars there was. On the other hand, this device processor It was observed that there were extra parts in the part that were not included in the original equipment.
They waited 1 month to steal assets
Thieves who own the fake device, never rushed and made by the user to the wallet from the first deposit Then they waited 1 month. Then, without the user even realizing what happened, All Bitcoins at once they stole.
According to the security firm, the device in question 20 word secret password (seed key) was in the hands of attackers from the very beginning. In this way, attackers who have had full authority on the device since the first day can only TRUE the moment to come waited. into the device pre-installed software thieves, who also take precautions against the possibility of the user creating a new wallet. thought of all possibilities.