WLT-HW-SUPPLYInitial Access

Hardware Wallet Supply-Chain Tamper

Tamper with the hardware wallet package before delivery — pre-seeded seed phrase or backdoored firmware.

§ Where this technique fits

WLT-HW-SUPPLY is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Hardware wallet supply-chain tamper → pre-seeded seed
Intercept Trezor / Ledger / KeepKey in transit (or counterfeit on Amazon / eBay). Replace device with one that already has a known seed phrase the attacker controls — victim deposits, attacker drains.
step 2 / 5

§ What commonly comes next

01
Supply Chain Compromise
T1195 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Hardware wallet supply-chain tamper → pre-seeded seed

§ What commonly comes next