The victim had purchased the rather popular hardware wallet Trezor Model T. It uses fully open-source code - both software and hardware-wise - and is based on the popular STM32F427 microcontroller.

The Trezor Model T vendor has undertaken a wide range of security measures that, in theory, should reliably protect the device from attackers. Both the box and the unit housing are sealed with holographic stickers, and the microcontroller is in flash memory read-out protection mode (RDP 2). The bootloader checks the digital signature of the firmware and, if an anomaly is detected, displays an unoriginal firmware message and deletes all the data in the wallet. Accessing the device and confirming transactions require a PIN code that - even though it doesn't protect the master access key (a base for generating the mnemonic seed phrase) - is used to encrypt the storage where it's kept. Optionally, in addition to the PIN, you can protect your master access key with a password as per the BIP-39 standard.

It looked perfectly genuine from the outside, however… (left - original, right - fake)

Thus, the fake cryptowallet theory was proved true: it was a classic supply-chain attack in which an unsuspecting victim buys an already-hacked device. But the actual cryptocurrency stealing mechanism was still unclear…

Trojan firmware

We won’t repeat the commonplace truths about cryptowallets that we covered earlier, but we’ve just one little reminder for you: a cryptowallet contains your private key, and whoever knows that key can sign any transaction and spend your money.
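As an added illustration (not code from the original article or from the Trezor project), the Python below shows how the BIP-39 standard mentioned above combines the mnemonic seed phrase with the optional password, and, going one step beyond the article, how BIP-32 turns the resulting seed into the master private key. The mnemonic is the public BIP-39 test vector, and the names `bip39_seed`, `master_key` and `wallet_id` are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic (all-zero entropy); never a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"
# Order of the secp256k1 group, needed for the BIP-32 validity check.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _nfkd(text: str) -> str:
    # BIP-39 requires NFKD normalisation of mnemonic and passphrase.
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = _nfkd(" ".join(mnemonic.split()))  # collapse stray whitespace
    salt = "mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed", split into key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("invalid master key; BIP-32 says to use a different seed")
    return key, chain_code


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Short fingerprint for comparing wallets without printing key material."""
    key, _ = master_key(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:16]


if __name__ == "__main__":
    # Constructed inputs: same mnemonic, three different passphrases.
    cases = [("no passphrase", ""), ("passphrase", "TREZOR"), ("one-letter typo", "TREZOS")]
    for label, phrase in cases:
        print(f"{label:16} -> wallet {wallet_id(TEST_MNEMONIC, phrase)}")
```

Every passphrase yields a valid but different wallet, so the seed phrase alone does not expose funds held behind a passphrase. The PIN is not an input to this derivation; it only encrypts the storage on the device.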