![]() ![]() The owner had no protection whatsoever: the game was lost from the very moment the money first arrived in the Trojan wallet. According to the transaction history, they were in no hurry, waiting a whole month after the wallet was credited for the first time before they grabbed the money. The fake cryptowallet would operate as normal, but the attackers had full control over it from the very beginning. Thus, to crack a given fake wallet, only 64*20=1280 variants were to be considered. Third, if the user chose to set an additional master-seed protection password, only its first symbol ( a…z, A…Z, 0…9 or ! for any special character) was used, which, together with the no-password option, gave just 64 possible combinations. The owner would begin using it instead of a new and unique one. ![]() Second, at the initialization stage or when resetting the wallet, the randomly generated seed phrase was replaced with one of 20 pre-generated seed phrases saved in the hacked firmware. The original bootloader and wallet firmware received only three modifications:įirst, the bootloader-checks for protection mechanisms and digital signatures were removed, thus getting rid of the “red screen” problem during the firmware originality check at startup. Thanks to the deactivated flash-memory read-out protection, which our attackers decided not to turn on after the new microcontroller was soldered in, we easily extracted the wallet firmware and, by reconstructing its code, discovered that the attackers indeed knew the private key in advance. ![]() The fact that the attackers were able to conduct a transaction while the offline wallet was stashed in its owner’s strongbox means that they either copied the private key after it was generated, or… they knew it all along! We won’t repeat the commonplace truths about cryptowallets that we covered earlier, but we’ve just one little reminder for you: a cryptowallet contains your private key, and whoever knows that key can sign any transaction and spend your money. But the actual cryptocurrency stealing mechanism was still unclear… Trojan firmware Thus, the fake cryptowallet theory was proved true: it was a classic supply-chain attack in which an unsuspecting victim buys an already-hacked device. It looked perfectly genuine from the outside however… (left - original, right - fake) Optionally, in addition to the PIN, you can protect your master access key with a password as per the BIP-39 standard. Accessing the device and confirming transactions require a PIN code that - even though it doesn’t protect the master access key (a base for generating the mnemonic seed phrase) - is used to encrypt the storage where it’s kept. The bootloader checks the digital signature of the firmware and, if an anomaly is detected, displays an unoriginal firmware message and deletes all the data in the wallet. Both the box and the unit housing are sealed with holographic stickers, the microcontroller is in flash memory read-out protection mode (RDP 2). The Trezor Model T vendor has undertaken a wide range security measures that, in theory, should reliably protect the device from attackers. It uses fully open-source code - both software and hardware-wise - and is based on the popular STM32F427 microcontroller. The victim had purchased the rather popular hardware wallet Trezor Model T. ![]()
0 Comments
Leave a Reply. |