TheDinarian
News • Business • Investing & Finance
Criminals have recently been found creating modified Trezor wallets
May 16, 2023

(Dinarian Note: This is why it's worth paying a few extra dollars at the manufacturer's website, versus buying a used/refurbished unit on the secondary markets. These thieves are getting smarter and smarter, unfortunately...)

Full review of a fake cryptowallet incident. It looks and feels like a Trezor wallet, but puts all your crypto-investments into the hands of criminals.

Easy to steal and cash out, cryptocurrency is one of the most attractive digital assets for attackers. Accordingly, serious investors often use hardware cryptowallets to protect their crypto-investments. Such a wallet stores private keys away from vulnerable computers and smartphones and makes it much safer to sign transactions. Unfortunately, owning a hardware wallet doesn’t guarantee the safety of your funds, as one of our clients learned the hard way.

Hack symptoms

Attackers worked stealthily: one day an outgoing transaction transferring a large sum to someone else appeared in the cryptowallet’s history. However, the victim had performed no transactions at all that day. Moreover, the cryptowallet wasn’t even plugged into a computer!

Aaand… It's gone!

Dissecting the wallet

The victim had purchased the rather popular hardware wallet Trezor Model T. It uses fully open-source code — both software and hardware-wise — and is based on the popular STM32F427 microcontroller.

The Trezor Model T vendor has undertaken a wide range of security measures that, in theory, should reliably protect the device from attackers. Both the box and the unit housing are sealed with holographic stickers, and the microcontroller is in flash memory read-out protection mode (RDP 2). The bootloader checks the digital signature of the firmware and, if an anomaly is detected, displays an “unoriginal firmware” message and deletes all the data in the wallet. Accessing the device and confirming transactions require a PIN code that, even though it doesn’t protect the master access key (the base for generating the mnemonic seed phrase), is used to encrypt the storage where that key is kept. Optionally, in addition to the PIN, you can protect your master access key with a passphrase as per the BIP-39 standard.

Do not use me, I am unsafe!

At first cursory glance, the wallet we examined appeared to be exactly the same as a genuine one and showed no signs of tampering. The unit was bought from a trusted seller through a popular classifieds website, and the holographic stickers on the box and on the wallet itself were all present and undamaged. When started up in update mode, the wallet displayed firmware version 2.4.3 and bootloader version 2.0.4.

Fake wallet update mode screen

When handling the wallet, nothing felt suspicious either: all the functions worked as they should, and the user interface was no different from the original one. However, mindful of the theft that had occurred via it, we delved deeper. And that’s where our interesting discoveries began.

Right off the bat, we found that the vendor had never released bootloader version 2.0.4. The project change history at GitHub concisely states that this version was “skipped due to fake devices”. After such an intriguing statement, we just had to reach for the scalpel and begin our dissection, of course…

What on earth is version 2.0.4?

The housing was difficult to open: its two halves were held together with liberal quantities of glue and double-sided adhesive tape instead of the ultrasonic bonding used on factory-made Trezors. Even more curiously, inside there was an entirely different microcontroller showing traces of soldering! Instead of the original STM32F427, the unit had an STM32F429 with fully deactivated microcontroller flash-memory read-out protection mechanisms (RDP 0 instead of RDP 2 in genuine Trezors).

It looked perfectly genuine from the outside; however… (left — original, right — fake)

Thus, the fake cryptowallet theory was proved true: it was a classic supply-chain attack in which an unsuspecting victim buys an already-hacked device. But the actual cryptocurrency stealing mechanism was still unclear…

Trojan firmware

We won’t repeat the commonplace truths about cryptowallets that we covered earlier, but we’ve just one little reminder for you: a cryptowallet contains your private key, and whoever knows that key can sign any transaction and spend your money. The fact that the attackers were able to conduct a transaction while the offline wallet was stashed in its owner’s strongbox means that they either copied the private key after it was generated, or… they knew it all along!

Thanks to the deactivated flash-memory read-out protection, which our attackers decided not to turn on after the new microcontroller was soldered in, we easily extracted the wallet firmware and, by reconstructing its code, discovered that the attackers indeed knew the private key in advance. But how?

The original bootloader and wallet firmware received only three modifications:

First, the bootloader checks for protection mechanisms and digital signatures were removed, thus getting rid of the “red screen” problem during the firmware originality check at startup.

Second, at the initialization stage or when resetting the wallet, the randomly generated seed phrase was replaced with one of 20 pre-generated seed phrases saved in the hacked firmware. The owner would begin using it instead of a new and unique one.

Third, if the user chose to set an additional master-seed protection password, only its first symbol (a…z, A…Z, 0…9, or ! standing in for any special character) was used. That gives 26 + 26 + 10 + 1 = 63 possible first symbols which, together with the no-password option, makes just 64 possible combinations. Thus, to crack a given fake wallet, only 64 × 20 = 1280 variants had to be considered.
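To make the second and third modifications concrete, here is an added Python example (written for this page, not code from the article or from Trezor) that models how the passphrase truncation collapses the key space. It implements the standard BIP-39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt “mnemonic” + passphrase), a model of the Trojan's first-character-only behaviour as the article describes it, the resulting 64 × 20 = 1280 keyspace count, and a simple defender-side check: two passphrases that share a first character must yield different seeds. The mnemonic is the all-“abandon” BIP-39 test vector, used here as a constructed sample, not a real wallet; `trojan_passphrase_class` and `passphrase_fully_used` are names chosen for this example.

```python
import hashlib
import unicodedata
from string import ascii_letters, digits

# Constructed sample: the well-known all-"abandon" BIP-39 test mnemonic.
# It is a public test vector, not a wallet that holds any funds.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP-39 seed derivation.

    seed = PBKDF2-HMAC-SHA512(password=mnemonic, salt="mnemonic"+passphrase,
                              rounds=2048, dklen=64), both strings NFKD-normalised.
    Every character of the passphrase changes the salt and therefore the seed.
    """
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_bytes, salt, 2048, dklen=64)


def trojan_passphrase_class(passphrase: str) -> str:
    """Model of the behaviour the article describes (hypothetical reconstruction):
    only the first character survives; anything that is not a-z, A-Z or 0-9 is
    mapped to '!'. An empty passphrase stays empty (the no-password option).
    """
    if not passphrase:
        return ""
    first = passphrase[0]
    return first if first in ascii_letters + digits else "!"


def trojan_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Seed as the Trojan firmware would derive it: the truncated class is used
    as the passphrase, so 'cat' and 'correct horse battery staple' collide."""
    return bip39_seed(mnemonic, trojan_passphrase_class(passphrase))


def trojan_keyspace(preloaded_seeds: int = 20) -> int:
    """Number of distinct seeds an attacker who knows the preloaded mnemonics
    must consider: 52 letters + 10 digits + '!' + empty = 64 passphrase classes,
    times the number of pre-generated mnemonics baked into the firmware."""
    passphrase_classes = len(ascii_letters) + len(digits) + 1 + 1  # 64
    return passphrase_classes * preloaded_seeds


def passphrase_fully_used(derive) -> bool:
    """Defender's check against a derivation function derive(mnemonic, passphrase).

    Two passphrases that share a first character must produce different seeds.
    Returns True for an honest derivation and False for the truncating model.
    """
    seed_long = derive(SAMPLE_MNEMONIC, "correct horse battery staple")
    seed_short = derive(SAMPLE_MNEMONIC, "c")
    return seed_long != seed_short


if __name__ == "__main__":
    print("attacker keyspace for 20 preloaded seeds:", trojan_keyspace())
    print("honest BIP-39 uses full passphrase:", passphrase_fully_used(bip39_seed))
    print("trojan model uses full passphrase:  ", passphrase_fully_used(trojan_seed))
```

On a physical device the same check is done with receiving addresses rather than raw seeds: load the wallet twice with passphrases that share a first character and confirm the first receiving address differs. The point the numbers make is that a properly used passphrase adds entropy proportional to its whole length, whereas the truncation leaves 64 classes, small enough to enumerate by hand.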

The fake cryptowallet would operate as normal, but the attackers had full control over it from the very beginning. According to the transaction history, they were in no hurry, waiting a whole month after the wallet was credited for the first time before they grabbed the money. The owner had no protection whatsoever: the game was lost from the very moment the money first arrived in the Trojan wallet.

How to prevent the fake device threat

It’s not easy to tell a fake cryptowallet from a real one without special knowledge and experience. The main safeguard is to buy your wallet directly from the official vendor and choose models with special versions of protected microcontrollers (even original Trezors aren’t ideal in this sense: there are other brands’ wallets with better protected chips and extra protection mechanisms).

It should be remembered that even an authentic and unmodified wallet can be vulnerable to a number of threats. The priority measures include the use of a password (if supported by your wallet), and, of course, protection for all computers and smartphones.

Link

 

 
