Author

Topic: Trezor Fake wallet scam! (Read 145 times)

rby
hero member
Activity: 742
Merit: 611
Brotherhood is love
May 18, 2023, 03:29:18 PM
#8
Looking at the two images, I can clearly spot out the difference between the original and fake. The image by the right has a spider MCU (microcontroller unit). This kind of MCU can only be gotten from the manufacturing company and no other. I do not understand why the signal cables of the fake was covered.
The difference can only be spotted when the hardware is opened and in most cases no customer opens their hardware wallet. The best is to buy directly from the manufacturers.

The guys who implemented this idea with a fake model T were hunting for big fish and among all the buyers of hardware wallets still need to find one. People can buy HW wallet to store both 0.1BTC and 10BTC. It is impossible to understand how much bitcoin will be deposited into the wallet. That is, attackers will need additional information about a potential victim in order to distinguish it from small fish.
The filtering of the victims is not necessary and would need a strong detective to achieve this. They can simply target area where bitcoin activities is at high rate and target their promotion there. However, they lose nothing if they got a victim who will save 0.1BTC because the fake wallet was also bought and not given free.
legendary
Activity: 2212
Merit: 7064
May 18, 2023, 03:16:07 PM
#7
Incredible. How were you able to detect the differences and tampering in the micro-components inside the hardware wallet?
It was not me, it was Kaspersky you know, one of the biggest antivirus security company... that makes me think new Trezor fake device scam is probably coming from Russia.
Trezor is still not shipping in that region of the world and scammers used that situation to create new cloned devices.
Components inside are easy to differentiate even for amateurs like us, just read the labels.

You will see the link under the images on the OP
Maybe he thinks I am mister Kaspersky  Cheesy
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
May 16, 2023, 06:19:41 AM
#6
Incredible. How were you able to detect the differences and tampering in the micro-components inside the hardware wallet?
You will see the link under the images on the OP: https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
May 16, 2023, 06:06:44 AM
#5
Incredible. How were you able to detect the differences and tampering in the micro-components inside the hardware wallet?
legendary
Activity: 2730
Merit: 7065
May 16, 2023, 02:48:23 AM
#4
To buy from authorized official resellers. Like in my country, there are few resellers, but no single authorized official reseller of Trezor wallets. If I want to get Trezor, it will be from official reseller.
Always buy from the official shop if you can. If not, use an official reseller linked on Trezor's website. Never trust the information and promises online shops post on their websites. The Trezor resellers network can be found here: https://trezor.io/resellers
If the site claiming to be an official partner is not on that list, don't buy from them.

If someone read everything on the links below, the person will be able to differentiate an original Trezor from a fake one.

https://trezor.io/learn/a/authenticate-model-one
https://trezor.io/learn/a/authenticate-model-t

A fake Trezor can not copy the original Trezor 100% and there are some things to follow like these:

Quote
All Trezor devices are distributed without firmware installed - you will need to install it during setup. This setup process will check if firmware is already installed on the device. If firmware is detected then the device should not be used.

The bootloader verifies the firmware signature each time you connect your Trezor to a computer. Trezor Suite will only accept the device if the installed firmware is correctly signed by SatoshiLabs. If unofficial firmware has been installed, your device will flash a warning sign on its screen upon being connected to a computer.
The problem here is that if a user is tricked into buying a fake device, they obviously don't know much about the info you quoted. If you can trick them to purchase a fake Trezor, you can most probably also trick them into install an unofficial firmware and use a phishing app, instead of the real Trezor Suite. You are either careful and can spot these things or you don't. A fake device would be shipped with accompanying documentation that instructs the victim about what software and firmware to download. And it wouldn't be the genuine ones.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
May 15, 2023, 12:30:25 PM
#3
First, I have not found information on how this fake Trezor fell into the hands of the author of this article. A story about this could well complement the article (and satisfy my curiosity Smiley).

Secondly, creating such a fake device is not an easy task for most scammers, requiring certain skills and knowledge. That is, the creation of such fakes can't be put on the assembly line (just don’t tell chinese manufacturers about it Smiley), which means that most buyers are unlikely to run into this. The guys who implemented this idea with a fake model T were hunting for big fish and among all the buyers of hardware wallets still need to find one. People can buy HW wallet to store both 0.1BTC and 10BTC. It is impossible to understand how much bitcoin will be deposited into the wallet. That is, attackers will need additional information about a potential victim in order to distinguish it from small fish. This is where the moment about the confidentiality of personal data floats, but this is a completely different topic for discussion.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
May 15, 2023, 11:01:31 AM
#2
How to prevent attacks like this?
- This is textbook example of supply-chain attack, that is why it's very important to buy hardware wallets only from official website or resellers.
To buy from authorized official resellers. Like in my country, there are few resellers, but no single authorized official reseller of Trezor wallets. If I want to get Trezor, it will be from official reseller.

If someone read everything on the links below, the person will be able to differentiate an original Trezor from a fake one.

https://trezor.io/learn/a/authenticate-model-one
https://trezor.io/learn/a/authenticate-model-t

A fake Trezor can not copy the original Trezor 100% and there are some things to follow like these:

Quote
All Trezor devices are distributed without firmware installed - you will need to install it during setup. This setup process will check if firmware is already installed on the device. If firmware is detected then the device should not be used.

The bootloader verifies the firmware signature each time you connect your Trezor to a computer. Trezor Suite will only accept the device if the installed firmware is correctly signed by SatoshiLabs. If unofficial firmware has been installed, your device will flash a warning sign on its screen upon being connected to a computer.
legendary
Activity: 2212
Merit: 7064
May 15, 2023, 08:32:45 AM
#1
I remember few years ago people reported some fake Trezor One hardware wallets, and many legit companies cloned and forked Trezor because of their Open Source code.
Now there are new reports of Trezor Model T fake devices that are used to scam people and steal coins from them, and this was confirmed by well known company Kaspersky.

Attackers waited patiently for owner to deposit larg enough amount of coins before they stole them from him.
From outside this fake Trezor T wallet looks identical like original Trezor device, it was ordered from popular website and it had holographic sticker on original box.
First strange things was asking to update latest firmware version 2.0.4 that was not available on official Trezor github.

Things look different when you open it and check the board, there are traces of soldering and  microcontroller STM32F429 fully was used instead of original model STM32F427, and it had fully deactivated flash-memory read-out protection.
Image below is showing original device on left sight, and fake device is on the right side:


Source Article: https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/

Bootloader and wallet firmware had three modifications, first to bypass checking that device is genuine, second change was making owner use seed phrase previously generated by scammers, and third change was making attackers easy to crack password.

How to prevent attacks like this?
- This is textbook example of supply-chain attack, that is why it's very important to buy hardware wallets only from official website or resellers.



You can also read one of my old topics that explains most Attack vectors for Hardware Wallets:
https://bitcointalksearch.org/topic/attack-vectors-for-hardware-wallets-5321850


Jump to: