Trezor Confirms Breach Leading to Fraudulent Emails; Assures User Funds Remain Safe
Summary:
Trezor, the hardware wallet provider, confirms a breach in its third-party email service which led to a surge in fraudulent emails instructing users to update their network or risk losing their funds. The investigation suggests the breach was carried out by an unauthorized hack into Trezor's newsletter subscriber email database. The company has deactivated the malicious link and assures that user funds are safe unless recovery seeds were disclosed online. This follows a series of similar incidents centered on Trezor and its users in the past year.
The digital wallet company Trezor has recently confirmed a breach of its third-party email provider which led to a surge of fraudulent emails being sent to its users. Trezor disclosed that an illegitimate email, posing as the company, was distributed from their third-party email service on January 24. The rogue email, sent under the pretense of “[email protected],” directed users to update their network or risk the loss of their funds. It also included a deceptive link leading to a webpage where they were asked to input their seed phrase.
As of now, there's no confirmation from Trezor on whether any of its users have incurred monetary loss from this phishing scam. On a brighter note, Trezor has managed to disable the harmful link and assures users that their funds are safe, provided they did not reveal their recovery seed online. For those who have, Trezor strongly recommends transferring their assets to a new wallet without delay.
The investigation underway suggests that an unauthorized person acquired access to Trezor's email database comprising its newsletter subscribers and utilized Trezor's third-party email service to dispatch the malignant email.
Only a few days prior to this incident, MailerLite, a company that provides email marketing software, confirmed a cybersecurity breach on January 23, resulting in a series of phishing attacks using branded domains, causing losses amounting to over $3.3 million. There remain unanswered questions about whether Trezor also uses this email domain provider.
Certain people speculate that this recent onslaught might be related to a security infringement of Trezor's support portal earlier this month, which revealed contact data of approximately 66,000 users. Trezor clarified at that time that no other data had been jeopardized, and immediate actions were taken to block unauthorized access. Notice was also sent to all affected users.
Digital assets attorney Joe Carlasare reported that he had personally received the phishing email on January 24, categorizing it as an adept scam. This comes after a series of such instances where, in February of the previous year, Trezor had warned its users of a phishing attack aimed at luring the users to disclose their wallet's recovery phrase on a duplicate Trezor website. Later on, in May of the same year, cybersecurity company Kaspersky discovered a counterfeit hardware wallet imitating Trezor in the market, used by fraudsters to rob funds by supplanting a microcontroller which enabled them to assume control over a user’s private keys.
Published At
1/25/2024 8:17:01 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.