π¨ Two days ago, we received a concerning support request: An app that appeared to be the BitBoxApp asked the user to enter their recovery words.
This was clearly a phishing attempt by an attacker trying to steal the users funds.
Here's what happened: π
The victim has had his BitBox02 for multiple months already. One day, after plugging in their BitBox02, the BitBoxApp flashed and displayed the above screen.
Knowing he wasn't supposed to enter his recovery words on a computer, he immediately contacted our support. πͺ
Together with the victim, we figured out that a malicious BitBoxApp clone was placed on his computer. It does not replace the BitBoxApp, but is installed in another folder.
Once the original BitBoxApp has been opened, it minimizes the original BitBoxApp and displays the malicious "Bitbox.exe" over all other content.
The malware also appear to take screenshots to surveil the victim. π¨
We were able to trace the origin of the malware to a malicious website.
The victim used DuckDuckGo to search for "wasabi wallet" and ended up downloading a malicious installer.
This is an extremely easy mistake to make, as there are multiple phishing sites in the top results.
We have reached out to Wasabi Wallet and they assured us they do everything in their power to get rid of these fake sites.
It is necessary for DuckDuckGo to take action and make sure these malicious websites don't appear in their search results.
To make sure this does not happen to you, you should always verify exactly where you are downloading programs from.
This is also why we provide instructions on how to verify the signatures for our BitBoxApp before you run them:
GitHub
Release v4.39.0 Β· BitBoxSwiss/bitbox-wallet-app
Release notes
Bundle BitBox02 Bitcoin-only firmware version 9.15.0
Bundle BitBox02 Multi firmware version 9.15.0
Display the wallet root fingerpri...
Thank you again to the victim for helping us figure this out as quickly as possible!
Their fast and correct response made it possible for us to figure this out really fast and warn other users. We've already shipped them a small 'thank you' package to show our gratitude. π
In the end the BitBox02 did exactly what it was supposed to:
It protected the users wallet when their PC got compromised.
Would the victim have used a software wallet, chances are high that their money would have been stolen.
