Trezor warns users about new phishing attack

Hardware cryptocurrency wallet provider Trezor has warned users about a new phishing attack that targets investments by attempting to steal their private keys.

On February 28, Trezor warned users about an active phishing attack designed to steal investor funds by asking to enter a wallet recovery phrase on a fake Trezor website.

In this phishing campaign, attackers impersonate Trezor and contact victims via phone, text, or email claiming to have discovered a security breach or suspicious activity on their Trezor account.

“Trezor Suite recently suffered a security breach, so all of your assets are vulnerable.”

The fake notification then invites users to click on a phishing link to “secure” their Trezor device.

“Please ignore these messages as they were not sent by Trezor,” Trezor stated on Twitter, emphasizing that the company will never contact customers by phone or SMS. The company added Trezor did not find any evidence of a database breach.

A fake SMS message from scammers impersonating Trezor. Source: Twitter
A fake SMS message from scammers impersonating Trezor. Source: Twitter

According to online reports, the latest phishing attack against Trezor customers began on February 27, and users were redirected to a domain name that required entering a recovery seed phrase. This domain offers a fake Trezor website that closely resembles the real version, prompting users to start securing their wallets by clicking the “Get Started” button.

Screenshot of a phishing domain cloned from Trezor's website. Source: Bleeping Computer
Screenshot of a phishing domain cloned from Trezor’s website. Source: Bleeping Computer

After clicking the “Get Started” button, users will be asked to provide their cryptocurrency wallet recovery phrase.

The wallet’s recovery phrase or private key is the most important part of self-custody to keep your crypto on a software or hardware non-custodial wallet. The security of the recovery phrase is more important than keeping the hardware wallet safe. When private keys are stolen, it means that the cryptocurrency held no longer belongs to the original owner.

The news comes shortly after Metaverse company The Sandbox suffered a data breach on February 26 and users received a phishing email.

The latest phishing attack targeting Trezor customers is not the first scam of its kind. Trezor wallet was also the target of phishing attacks in April 2022, when hackers disguised as companies contacted Trezor users, asking them to download fake Trezor applications.

However, such attacks are not unique to Trezor. In 2020, rival hardware wallet company Ledger suffered a major data breach and attackers publicly disclosed the personal information of more than 270,000 Ledger customers.

About Admin

Virtual currencies, also known as cryptocurrencies, are an exciting and rapidly-evolving field with many innovative projects and applications. Remember to always do your due diligence and thoroughly research any virtual currency project before investing or participating in it.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *