Hardware wallets are considered secure, but there are still cases of instruction manual fraud and modification fraud. Users should purchase through official channels to ensure the wallet is in an unopened state in order to protect asset security.
Although hardware wallets offer higher security, there are still numerous fraud cases targeting inexperienced users, resulting in the loss of assets stored in hardware wallets. This article will introduce two common methods of stealing coins from hardware wallets – hardware wallet instruction manual fraud and hardware wallet modification scams.
The core of these theft methods lies in taking advantage of the lack of understanding among ordinary investors about how to use hardware wallets, by replacing the genuine instruction manual to mislead victims into transferring funds to phishing addresses.
Victims purchase hardware wallets from third-party e-commerce platforms, open the packaging, use the “initial Pin code” marked on the “instruction manual” to open the hardware wallet, back up the “mnemonic phrase” printed on the “instruction manual,” and deposit a large amount of funds into the wallet address, ultimately resulting in theft.
The wallet has not been compromised at the hardware level. Instead, the thieves activate the device in advance to obtain the mnemonic phrase for its address, forge a fake instruction manual, repackage the device, and sell the already activated hardware wallet to victims through unofficial channels. Once the target transfers crypto assets to the address, the rest follows the standard fake wallet theft process.
Similar risks exist in the secondary market in the Chinese-speaking region. Well-known hardware wallet manufacturer imKey has issued warnings: it has found that some unofficial stores are selling “activated” hardware wallets while tampering with the usage instructions, deceiving users into depositing funds into wallet addresses established in advance by malicious merchants. Identifying official e-commerce stores is therefore as important as identifying official websites.
Furthermore, the Kaspersky security team has reported a case of a counterfeit Trezor hardware wallet. The victim purchased a Trezor Model T from an unofficial channel, but the device's internal firmware had been replaced by attackers, who thereby gained access to the user’s crypto assets and stole them.
Through the above cases, it is evident that supply chain attacks on hardware wallets are widespread. Ordinary investors and hardware wallet manufacturers should be vigilant. Correct usage can effectively mitigate the risk of theft:
1. Purchase hardware devices through official channels
Any hardware device purchased from unofficial channels is not secure.
2. Ensure the wallet is in an unactivated state
Hardware devices sold by official sources must be unactivated. If investors find that the device is already activated when it first boots, or if the manual provides an “initial password” or “default address,” they should stop using the device immediately and report it to the hardware wallet's official manufacturer.
3. Ensure addresses are generated by the user
Beyond device activation itself, setting the PIN code, generating binding codes, creating addresses, and making backups should all be done by the user. Any operation performed by a third party puts the user’s funds at risk. A hardware wallet should normally arrive in an unactivated state, meaning that on first use, device activation, wallet creation, mnemonic phrase backup, and PIN code setting are all carried out by the user.
If any hardware wallet users suffer losses due to such social engineering attacks, please contact Bitrace promptly, and we will assist you in recovering your assets through legal means.
For more anti-fraud knowledge, feel free to download the “2024 Web3 Anti-Fraud Manual” produced by Bitrace at:
https://bitrace.io/zh/blog