Author: Liz
Editor: Sherry
In the previous issue of Web3 Security Beginners' Guide to Avoiding Pitfalls, we talked about clipboard security. Recently, a victim contacted the SlowMist security team, saying that he had purchased a tampered cold wallet on TikTok, resulting in the theft of about 50 million yuan in crypto assets. This issue focuses on a tool that almost everyone trusts but that is surrounded by many misunderstandings about its use: hardware wallets.
(https://x.com/SlowMist_Team/status/1933799086106538101)
Hardware wallets have always been regarded as a reliable tool for protecting crypto assets because private keys are stored offline. However, as the value of crypto assets continues to rise, attacks against hardware wallets have escalated as well: from fake hardware wallets, fake firmware updates/verifications, and phishing websites to carefully designed social engineering traps, many users have inadvertently fallen into a trap and eventually had their assets looted. The seemingly safe device actually has a hidden backdoor; the seemingly official email actually comes from the attacker.
This article focuses on three aspects of hardware wallets (purchase, use, and storage), sorts out common risks, analyzes typical scams based on real cases, and provides practical protection suggestions to help users protect their crypto assets.
There are two main types of scams when it comes to purchasing:
Let's look at a typical case:
A user bought a hardware wallet from an e-commerce platform. After opening the package, he found that the instruction manual looked like a scratch card. The attacker had activated the device in advance, obtained the mnemonic, then repackaged the hardware wallet, attached a forged instruction manual, and sold it through unofficial channels. Once the user scanned the code to activate the device and transferred assets to the wallet address as instructed, the funds were immediately transferred away, following the standard theft process for fake wallets.
This type of scam targets users who are new to hardware wallets. Due to a lack of relevant background knowledge, users do not realize that the "factory preset mnemonic phrase" itself is a serious security anomaly.
(https://www.reddit.com/r/ledgerwallet/comments/w0jrcg/is_this_a_legit_productbought_from_amazon_came/)
In addition to this type of "activation + repackaging" routine, there is a more covert and higher-level attack method: firmware-level tampering.
The firmware in the device is implanted with a backdoor even though the device looks completely normal. For users, this type of attack is almost unnoticeable: firmware verification and disassembly verification are expensive and are not skills that everyone has.
Once users deposit assets into such devices, the hidden backdoor is quietly triggered: attackers can remotely extract private keys, sign transactions, and transfer assets to their own addresses. The whole process is silent, and by the time users notice it, it is often too late.
(https://x.com/kaspersky/status/1658087396481613824)
Therefore, users must purchase hardware wallets through the brand's official website or officially authorized channels, and avoid choosing informal platforms for convenience or a lower price. Second-hand devices and new products of unknown origin in particular may have been tampered with or already initialized.
Although hardware wallets can isolate private keys, they cannot prevent phishing attacks that rely on "blind signing". Blind signing is like signing a blank check: the user confirms an illegible signature request or a string of hash data without knowing the content of the transaction. This means that even under the protection of a hardware wallet, the user may still authorize a transfer to an unfamiliar address or execute a smart contract with malicious logic without realizing it.
Blind signing attacks often use cleverly disguised phishing pages to induce users to sign. In the past few years, hackers have stolen a large amount of user assets through this method. With the continuous expansion of smart contract scenarios such as DeFi and NFT, signature operations have become more complicated. The way to deal with this is to choose a hardware wallet that supports "what you see is what you sign", so that the details of each transaction are clearly displayed on the device screen and confirmed item by item.
(https://www.ledger.com/zh-hans/academy/%E4%B8%BB%E9%A2%98/ledgersolutions-zh-hans/10-years-of-ledger-secure-self-custody-for-all)
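To make the difference between blind signing and "what you see is what you sign" concrete, the added example below (not SlowMist's or any wallet vendor's code) decodes raw transaction calldata into the fields a device screen would need to show. It goes beyond the text by using the two well-known ERC-20 calls `approve` and `transfer` as the instance; the function name `decode_calldata` and the sample addresses are constructed for illustration.

```python
# Well-known ERC-20 selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": ("approve", "spender"),      # approve(address,uint256)
    "a9059cbb": ("transfer", "recipient"),   # transfer(address,uint256)
}
UNLIMITED = 2**256 - 1


def decode_calldata(data_hex):
    """Turn raw calldata into the fields a clear-signing screen would show."""
    if data_hex.startswith("0x"):
        data_hex = data_hex[2:]
    raw = bytes.fromhex(data_hex)
    entry = SELECTORS.get(raw[:4].hex())
    if entry is None or len(raw) != 4 + 64:
        # Nothing readable can be shown: approving this is blind signing.
        return {"function": "unknown",
                "warning": "cannot decode; signing this would be blind"}
    name, role = entry
    address = "0x" + raw[16:36].hex()        # low 20 bytes of the first word
    amount = int.from_bytes(raw[36:68], "big")
    result = {"function": name, role: address, "amount": amount}
    if name == "approve" and amount == UNLIMITED:
        result["warning"] = "unlimited allowance granted to spender"
    return result


# Constructed samples (addresses are placeholders, not real accounts).
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_TRANSFER = "0xa9059cbb" + "00" * 12 + "22" * 20 + (1000).to_bytes(32, "big").hex()
SAMPLE_UNKNOWN = "0xdeadbeef" + "00" * 32

if __name__ == "__main__":
    for tx in (SAMPLE_APPROVE, SAMPLE_TRANSFER, SAMPLE_UNKNOWN):
        print(tx[:18] + "...", "->", decode_calldata(tx))
```
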
Attackers are also good at taking advantage of situations to commit fraud, especially under the banner of "official". For example, in April 2022, some users of Trezor, a well-known hardware wallet, received phishing emails from the trezor[.]us domain name. In fact, the official Trezor domain name is trezor[.]io. In addition, the following domain name was spread in the phishing email: suite[.]trẹzor[.]com.
This "ẹ" looks like a normal English letter, but it is actually a different Unicode character, and the domain is an internationalized name encoded with Punycode. The real form of trẹzor looks like this: xn--trzor-o51b.
Attackers will also use real security incidents to increase the success rate of deception. In 2020, Ledger suffered a data breach in which the email addresses of about 1 million users were leaked, and for a subset of 9,500 customers the leak also involved names, mailing addresses, phone numbers, and information about purchased products. After the attackers obtained this information, they pretended to be Ledger's security and compliance department and sent phishing emails to users, claiming that the wallet needed to be upgraded or security verified. The email would induce users to scan a QR code and jump to a phishing website.
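A check for the lookalike-domain trick described above, as an added example that is not part of the original article: it decodes Punycode labels, strips diacritics to get a "skeleton", and compares the result with the official domain named in the text. The function names are hypothetical, and treating the last two labels as the registrable domain is a simplifying assumption (no public suffix list).

```python
import unicodedata

OFFICIAL = "trezor.io"            # official domain named in the article
BRAND = OFFICIAL.split(".")[0]    # "trezor"


def to_unicode(label):
    """Decode an ACE ('xn--') label to Unicode; other labels pass through."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_ace(label):
    """Encode a label to the ASCII form that is actually resolved in DNS."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.lower().encode("punycode").decode("ascii")


def skeleton(label):
    """Strip combining marks so 'ẹ' (U+1EB9) collapses to a plain 'e'."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def classify(host):
    """Classify a hostname (defanged '[.]' accepted) against OFFICIAL."""
    host = host.replace("[.]", ".").strip().lower().rstrip(".")
    labels = [to_unicode(label) for label in host.split(".")]
    if ".".join(labels[-2:]) == OFFICIAL:
        return "official"
    for label in labels:
        # Looks like the brand once diacritics are removed, but is not it.
        if label != BRAND and skeleton(label) == BRAND:
            return "homograph"
    if BRAND in labels:
        return "brand-on-other-domain"
    return "unrelated"


# Hostnames from the article plus constructed controls, kept defanged.
SAMPLES = ["suite[.]trẹzor[.]com", "suite[.]xn--trzor-o51b[.]com",
           "trezor[.]us", "suite[.]trezor[.]io", "example[.]org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} {classify(sample)}")
```
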
(https://x.com/mikebelshe/status/1925953356519842245)
(https://www.reddit.com/r/ledgerwallet/comments/1l50yjy/new_scam_targeting_ledger_users/)
In addition, some users received express parcels in which the outer packaging of the device was even wrapped in shrink film. The parcel contained a fake Ledger Nano X wallet and a fake letter with an official letterhead, claiming that, in response to the previous data breach, the user's device was being replaced with a "more secure new device."
(https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/)
In reality, these "new devices" are tampered Ledgers with an additional USB flash drive soldered onto the internal circuit board to implant malicious programs. The fake manual guides users to connect the device to a computer, run an application that pops up automatically, and follow the prompts to enter the 24-word mnemonic of the original wallet for "migration" or "recovery." Once the mnemonic is entered, the data is sent to the attacker and the funds are stolen.
Imagine you are sending a letter to a friend, and a malicious postman intercepts it on the way, quietly tampers with the contents of the letter, and then seals it back. When your friend receives the letter, he has no idea and thinks it is your original words. This is the essence of a man-in-the-middle attack. Although hardware wallets can isolate private keys, transactions still need to be completed through wallet applications on mobile phones or computers, as well as "message channels" such as USB, Bluetooth, and QR codes. These transmission links are like "invisible postmen". Once any link is controlled, the attacker can quietly tamper with the payment address or forge signature information.
The OneKey team reported a man-in-the-middle attack vulnerability to Trezor and MetaMask: When MetaMask connects to the Trezor device, it immediately reads the ETH public key inside the device and calculates the address based on different derivation paths on the software side. This process lacks any hardware confirmation or prompts, leaving room for man-in-the-middle attacks.
If local malware controls Trezor Bridge, it is equivalent to a "bad postman" in the communication link. The attacker can intercept and tamper with all communication data with the hardware wallet, causing the information displayed on the software interface to be inconsistent with the actual hardware situation. Once there is a loophole in the software verification process or the user does not carefully confirm the hardware information, the man-in-the-middle attack may succeed.
(https://zhangzhao.name/)
(https://x.com/montyreport/status/1877102173357580680)
Finally, storage is as important as backup. Do not store or transfer your mnemonics to any connected device or platform, including memos, photo albums, favorites, transfer assistants, mailboxes, cloud notes, etc. In addition, asset security not only requires protection against hacker attacks, but also against unexpected disasters. Although paper backups are relatively safe, if they are not properly kept, they may face risks such as fire or flooding, making it difficult to recover assets.
Therefore, it is recommended to write the mnemonic words on physical paper and store them in multiple safe places. For high-value assets, you can consider using fireproof and waterproof metal plates. At the same time, regularly check the storage environment of the mnemonic words to ensure that they are safe and available.
As an important tool for asset protection, the security of hardware wallets is also limited by how users use them. Many scams do not directly break into the device, but instead lure users to voluntarily hand over control of their assets under the guise of "helping you be safer." In response to the various risk scenarios mentioned in this article, we have summarized the following suggestions: