Beware of counterfeit products in the Crypto wallet arena

  • By Tom Cleveland

  • December 19, 2018
  • 3:00 am BST

Sooner or later it had to happen – Counterfeiters have infiltrated the domain of crypto wallet manufacturers. Crypto wallets, independent of exchange safekeeping practices, were created to remove the fear associated with crypto exchange compromises. By best estimates, a $95 million industry has evolved to produce hack-proof hardware and software to protect an individual’s personal access keys and cryptocurrency. One of the industry’s most secure products has been “Trezor One”, but its manufacturer has discovered several copycat “clones” for sale in the marketplace.

The management team at Trezor One quickly alerted its clients of the potential for fraud and explained how to spot the counterfeit model, which it claimed was a “startling” revelation. Per one report: “The fake devices could be immediately spotted by their packaging, which differs from the legitimate device by the design of the special holographic markings and the presence of unsightly ‘Made in China’ markings. Though imitation may be “the sincerest form of flattery,” it is likely that the minor similarities between the devices end on outward appearances and do not extend to the software, which may well be faulty or even full of malware, in the case of the fakes.”

These devices, both the legit and the illegitimate versions, connect to the Internet via a standard USB port. The reference to “malware” above was a not so subtle way of advising you that, once you plug into the web, internal software may be sending your access keys directly to the crooks for final monetization. Once you hand over your private keys, you may bid your coins farewell, the reason for the old crypto adage: “If you don’t own your private keys, you don’t own your coins.”

From time to time, even the best products in this space have been hacked one way or another, but the firms have responded quickly with software updates to rectify any issues. As an ironic side note, the process of plugging into a USB port in order to receive a software update is, in itself, a risk of compromise at an apparent vulnerability point in the upgrade process. Manufacturers also try to block supply chain gambits by sealing the hardware in such a way, as to prevent break-ins. Software hackers, however, have developed tools to re-boot or modify internal software routines to their liking. The goal of manufacturers is to always be one step ahead of the next new hacking trick.

As for how the fakes made their way into the public domain, one reporter had this opinion: “Those customers, who are used to buying electronic devices on such platforms as Amazon or eBay, could have been confronted with an offer to purchase a “used just once” or “opened but never used” Trezor One wallet. The price for such an item may vary from $39 to $49.” Be careful regarding bargains on used devices.

The reaction of the crypto community has been a mix of outrage and frustration, but also an admission that it was only a matter of time. Counterfeiting in payments industry has a long sordid history of its own. In the meantime, the folks at Trezor One have always maintained that “Its software is the “most secure” and is invulnerable to hacking attacks.” As for how to proceed: “The experts and the manufacturer itself recommend maintaining vigilance when selecting hardware wallets and to purchase them only from verified resellers that can be found in a list on the official Trezor website.”