Renewed Warnings Against Counterfeit Trezor Wallets Amidst Crypto Theft — Kaspersky Insights

June 30, 2023

Crypto enthusiasts are again urged to rely solely on authentic hardware wallets.

With hardware cryptocurrency wallets seeing a surge in popularity, Russian cybersecurity corporation Kaspersky has reiterated the significance of using legitimate crypto devices.

On May 10, Stanislav Golovanov, Kaspersky’s cyber incident specialist, highlighted a problem with imitation hardware wallets, specifically those mimicking devices from the prominent wallet provider Trezor. This issue surfaced in March 2022.

In his blog post, Golovanov mentions that these counterfeit Trezor wallets gave fraudsters the ability to steal Bitcoin (BTC) by substituting the microcontroller. This allowed the attackers to seize control of the user’s private keys.

It was reported that the user fell victim to a modified hardware wallet mimicking Trezor’s high-tech crypto wallet, the Trezor Model T. The fraudulent wallet perfectly mimicked the appearance of a genuine Trezor Model T wallet and offered a standard set of wallet features.

“In handling the wallet, nothing seemed amiss: all functions operated as expected, and the user interface was identical to the original one,” Golovanov explained.

However, the counterfeit wallet had been meddled with internally. As per Kaspersky’s team, the attackers managed to tap into users’ crypto assets by modifying the inner firmware. “The exact theft method remains uncertain,” Golovanov pointed out, adding that this issue resulted from a “standard supply chain attack.”

To combat supply chain attacks, Kaspersky’s cybersecurity experts recommended that users purchase hardware wallets exclusively from the official provider. The company noted that the victim purchased the fraudulent Trezor wallet from a “reliable seller on a well-known classifieds website.”

While Golovanov didn’t disclose the seller’s name to Cointelegraph, he mentioned that the purchase was made through a “widely used marketplace.”

“This is an advertisement site featuring sections dedicated to merchandise for sale, job opportunities, real estate, vehicles for sale, and services. It’s known that these marketplaces often harbor fraudulent sellers peddling fake or compromised devices,” the cybersecurity expert stated.

The problem addressed by Kaspersky is not new to the crypto world. Trezor openly discussed the security incident involving tampered Trezor Model T devices in May 2022.

According to Trezor’s blog post, the issue was predominantly found in Trezor Model T wallets, most of which were obtained from vendors in the Russian market. The company stated:

“Several internal components were replaced, allowing ill-intentioned actors to mimic the device’s behavior and nullify its security features.”

Trezor’s official website reveals that the firm currently has about 50 officially authorized resellers globally. These resellers are spread across numerous jurisdictions, including Canada, the United States, Singapore, India, Israel, Belarus and Ukraine, among others.

Besides supply chain security measures, Trezor also encourages its users to authenticate their Trezor wallets, offering official guides for both the Model One and Model T.

Trezor’s software additionally alerts users to any possible firmware issues through notifications on the app screen. “We would like to highlight that we have a warning system in the Trezor Suite that alerts users if their device uses unofficial firmware,” a Trezor spokesperson told Cointelegraph.