Hardware cryptocurrency wallet provider Trezor has warned users about a new phishing attack that targets investments by attempting to steal their private keys.
On February 28, Trezor warned users about an active phishing attack designed to steal investor funds by asking to enter a wallet recovery phrase on a fake Trezor website.
In this phishing campaign, attackers impersonate Trezor and contact victims via phone, text, or email claiming to have discovered a security breach or suspicious activity on their Trezor account.
“Trezor Suite recently suffered a security breach, so all of your assets are vulnerable.”
The fake notification then invites users to click on a phishing link to “secure” their Trezor device.
“Please ignore these messages as they were not sent by Trezor,” Trezor stated on Twitter, emphasizing that the company will never contact customers by phone or SMS. The company added Trezor did not find any evidence of a database breach.
According to online reports, the latest phishing attack against Trezor customers began on February 27, and users were redirected to a domain name that required entering a recovery seed phrase. This domain offers a fake Trezor website that closely resembles the real version, prompting users to start securing their wallets by clicking the “Get Started” button.
After clicking the “Get Started” button, users will be asked to provide their cryptocurrency wallet recovery phrase.
The wallet’s recovery phrase or private key is the most important part of self-custody to keep your crypto on a software or hardware non-custodial wallet. The security of the recovery phrase is more important than keeping the hardware wallet safe. When private keys are stolen, it means that the cryptocurrency held no longer belongs to the original owner.
The news comes shortly after Metaverse company The Sandbox suffered a data breach on February 26 and users received a phishing email.
The latest phishing attack targeting Trezor customers is not the first scam of its kind. Trezor wallet was also the target of phishing attacks in April 2022, when hackers disguised as companies contacted Trezor users, asking them to download fake Trezor applications.
However, such attacks are not unique to Trezor. In 2020, rival hardware wallet company Ledger suffered a major data breach and attackers publicly disclosed the personal information of more than 270,000 Ledger customers.