Trezor Investigates Phishing Campaign Targeting Crypto Wallet Customers
Summary:
Trezor, a cryptocurrency hardware wallet provider, is investigating a recent phishing campaign after multiple users reported receiving phishing emails. This campaign allegedly targets Trezor customers, inviting them to download a "firmware update" to fix a supposed software issue. The company is actively investigating the situation, and as a precaution, urges users not to enter their recovery seed, PIN, or passphrase into any websites or apps, except through the instructions provided on a connected Trezor hardware wallet.
Trezor, a renowned provider of cryptocurrency hardware wallets, is currently investigating an ongoing phishing campaign following numerous reports from customers about receiving suspicious emails. Alarm over these deceptive attempts was first raised by anonymous cryptocurrency investigator ZachXBT on his Telegram channel on October 26, highlighting a phishing operation specifically aimed at Trezor's clientele. ZachXBT paid heed to a post from account JHDN on platform X (formerly Twitter), suggesting that Trezor's systems might have been compromised, given the receipt of such nefarious emails via his wallet-purchase-specific email account.
Echoing Trezor-focused phishing strategies witnessed before, the questionable email urges customers to download an “updated firmware” onto their Trezor devices intended to resolve a mysterious software glitch. The sender of this potentially harmful communication, as claimed by the complainant, was [email protected]. A tweet from JHDN raised questions -Could Trezor's security been compromised?
ZachXBT warned about the phishing bait, urging clients to be vigilant, especially with an email address linked to their Trezor purchase. The shared social media report, he added, suggested a possible data leak at Evri, the British delivery firm handling Trezor device shipping, or even Trezor itself. Two other Reddit posts on the same day reported similar phishing attempts, as mentioned by ZachXBT.
Tackling the situation, Trezor's representative Josef Tetek confirmed their awareness of the ongoing phishing drive and stated that they are diligently probing the matter. The company has been actively reporting counterfeit websites, liaising with domain registrars, and guiding its customers about known risks. Tetek referred to numerous articles aiding users to tackle such phishing efforts, usually resulting in a duplicitous Trezor Suite-like app asking customers to link their wallet and enter their seed.
The guidelines caution customers that upon seed entry, their funds will be instantly transferred to the attacker's wallet, meaning the seed is now exposed. Trezor, emphasized Tetek, never requests for user recovery seed, PIN or passphrase. He underlined that users must never type their recovery seed into any online platform, apps or computers. The only secure method of handling recovery seed is through the instructions provided on the user's coupled Trezor hardware wallet.
Cryptocurrency investors continue to face increasingly sophisticated phishing attempts, despite efforts to limit such fraudulent activities. A recent case in September saw a major investor falling victim to a wide-scale phishing scheme, forfeiting crypto assets worth $24 million. Cybersecurity surveys suggest a 40% surge in cryptocurrency-related phishing exploits in 2022. Cointelegraph's Felix Ng provided additional reporting on this.
Published At
10/27/2023 11:42:20 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.