Crypto wallet Trezor deals with phishing campaign, says exec
Cryptocurrency hardware wallet provider Trezor is investigating a recent phishing campaign after users reported receiving phishing emails.
Anonymous blockchain sleuth ZachXBT took to his Telegram channel on October 26 to warn users of a phishing attack targeting Trezor customers.
ZachXBT cited a post by X (formerly Twitter) from the account JHDN, which alleges Trezor may have breached it specifically after receiving phishing emails from the email account used to purchase the wallet.
Similar to previous Trezor-related phishing attacks, the phishing email invites users to download the “latest firmware update” to users' Trezor devices to “fix a problem in the software.” According to the poster, the malicious email was sent from the email amministrazione@sideagroup.com.
Does Trezor seem hacked? @Trezor @zachxbt #Trezor pic.twitter.com/4lmjZE1Quk
— j (@JHDN) October 26, 2023
“Be aware that this person has received a phishing email from an email address associated with a Trezor purchase,” wrote ZackXBT, adding that the social media reports may point to a data breach for Trezor or Evri, the UK delivery company that installs Trezor. Tools.
ZachXBT mentioned that two other people on Reddit complained about the Trezor phishing email today.
Trezor Brand Ambassador Joseph Tetek said the company is aware of the ongoing phishing campaign and is actively monitoring it.
“We continuously report fake websites, contact domain registrars, and educate and warn our customers about known risks,” TechTech said, citing several articles it has written to help users deal with phishing attacks. According to an article like this one, phishing emails often redirect users to download a Trezor Suite-like app that asks them to link their wallet and enter their seed.
Related: Fraudsters Create Blockworks Clone Site To Leak Crypto Wallets
“The seed is compromised once you enter the application, and your funds are immediately transferred to the attacker's wallet,” the page reads.
Tetek emphasizes that Trezor will never ask users for their recovery seed, PIN or passphrase:
“Users should not enter their recovery seed directly into any website, or mobile app, or type it into a computer. The only safe way to work with a recovery seed is through the instructions on the associated Trezor hardware wallet.”
Despite many efforts to curb such scams, Cryptocurrency investors have been suffering from a number of phishing attacks. In September, a major crypto investor lost $24 million worth of crypto assets after falling victim to a massive phishing campaign. According to some cyber security reports, the number of cryptocurrency phishing attacks will increase by 40% by 2022.
Additional reporting by Cointelegraph author Felix Ng.
Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in.
