
The Diabolic Drive, recently developed as a USB wireless keystroke injection tool, is intended to stress test networks, but could it be used to steal cryptocurrency? Reviews of the 64GB drive highlight its ability to fire a malicious script payload remotely and execute commands when plugged into a device. A nightmare scenario is that a user plugs in a Diabolic Drive received as a gift from a cryptocurrency conference promoter, allowing an attacker to steal cryptocurrency holdings.
Cointelegraph reached out to cybersecurity firms to explore the potential for attackers to steal coins. Zeki Turedi, CrowdStrike’s field CTO for Europe, said USB keystrokes and wireless keyboard/HID devices have been used by penetration testers for years. He noted that once the device has been plugged in, malicious software could be downloaded, giving an attacker control of the system. A member of CertiK’s security team also said the Diabolic Drive could be used to steal cryptocurrency, though most devices would require physical access.
CertiK noted that hardware-based attacks are more likely to target individuals or entities with significant cryptocurrency holdings, due to their high value. Turedi also mentioned supply chain attacks, where malicious components are compromised to gain access to systems.
CrowdStrike recommends using Next Generation Antivirus (NGAV) software to detect and control what type of USBs can interact with a system. CertiK suggests updating antivirus and operating systems, and avoiding plugging in USB devices or cables from unknown sources. Air-gapping, where a user keeps a computer or device disconnected from the internet and local networks, is the most secure method.
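
To make the "control what type of USBs can interact with a system" advice concrete, here is an added example (not from the article or from either vendor) of a device-control check that blocks a storage drive that also enumerates as a HID input device. The device records, IDs and allowlist are constructed; the interface class codes (0x03 HID, 0x08 mass storage) are the standard USB values that Linux exposes under /sys/bus/usb/devices/.

```python
# Added example: USB device-control policy based on interface classes.
# All device records below are constructed sample data, not real hardware IDs.
HID = 0x03           # USB interface class: Human Interface Device (keyboards, mice)
MASS_STORAGE = 0x08  # USB interface class: mass storage (flash drives)

# Hypothetical allowlist of (idVendor, idProduct) for input devices you issued.
KNOWN_INPUT_DEVICES = {("1111", "0001")}

# Each interface is (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)
# as the hex strings sysfs reports.
SAMPLE_DEVICES = [
    {"id": ("1111", "0001"), "name": "issued keyboard",
     "interfaces": [("03", "01", "01")]},
    {"id": ("2222", "0002"), "name": "plain flash drive",
     "interfaces": [("08", "06", "50")]},
    {"id": ("3333", "0003"), "name": "gifted 64GB drive",
     "interfaces": [("08", "06", "50"), ("03", "01", "01")]},
    {"id": ("4444", "0004"), "name": "unknown keyboard",
     "interfaces": [("03", "01", "01")]},
]

def interface_kinds(device):
    """Reduce a device's interface descriptors to the kinds the policy cares about."""
    kinds = set()
    for cls, _subclass, _protocol in device["interfaces"]:
        code = int(cls, 16)
        if code == HID:
            kinds.add("hid")
        elif code == MASS_STORAGE:
            kinds.add("storage")
    return kinds

def decide(device, known_inputs=KNOWN_INPUT_DEVICES):
    """Return 'block', 'review' or 'allow' for one enumerated device."""
    kinds = interface_kinds(device)
    if {"hid", "storage"} <= kinds:
        return "block"    # a drive has no reason to also type keystrokes
    if "hid" in kinds and device["id"] not in known_inputs:
        return "review"   # new input device: confirm before trusting it
    return "allow"

def audit(devices):
    return {d["name"]: decide(d) for d in devices}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_DEVICES).items():
        print(f"{verdict:7} {name}")
```

Vendor and product IDs are reported by the device itself, so the allowlist only narrows what gets reviewed; the check should run on every enumeration event rather than once at plug-in.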
Rug pulls and exit scams stole over $45 million in May 2023, demonstrating the potential for malicious actors. Adopting secure solutions and exercising caution when plugging in unknown USB devices is key to avoiding cryptocurrency theft.