Recently, Trezor, a renowned hardware wallet provider for storing cryptocurrencies, issued an alert regarding an unauthorized phishing attempt targeting its users. This attack involved malicious emails posing as the company, urging users to upgrade their “network” to avoid the loss of their funds.
The company successfully deactivated the malicious link and subsequently advised affected users to transfer their funds to new wallets as a preventive measure against any potential data breaches.
The unauthorized email impersonating Trezor using our domain addressed subscribers to our newsletter.
If you have not disclosed your 12 or 24-word recovery seed through any online form, your assets remain secure.
If you have entered your recovery seed in any form, particularly…
— Trezor (@Trezor) January 24, 2024
The phishing attempt was detected through unauthorized emails sent from a third-party email provider used by Trezor. In the deceptive email, users were instructed to upgrade their “network” to prevent fund loss. A fraudulent link in the email directed users to a webpage where they were prompted to enter their recovery phrase.
While Trezor has not confirmed whether some users fell victim to the phishing attempt, the company assures that funds remain secure for those who did not disclose their recovery phrase. However, for those who shared their recovery phrase, it is strongly recommended to promptly transfer their funds to a new wallet.
The investigation conducted by Trezor suggests that an unauthorized individual gained access to the company’s email address database, primarily consisting of newsletter subscribers. This perpetrator utilized a third-party email service to send out the malicious emails on behalf of Trezor.
After the Trezor attack, Users Are Urged to Prioritize Security and Prevention
This incident raises concerns about the security of user data and the risks associated with third-party service providers. Despite Trezor taking necessary steps to address the situation, it emphasizes the importance of implementing robust cybersecurity measures to protect user information and assets.
This phishing attempt occurs amid a rise in cyberattacks in the crypto industry, especially phishing attacks aiming to deceive users into divulging private keys or recovery phrases, leading to the loss of digital assets.
It is crucial for users to remain vigilant and proactively protect their assets. Caution is advised when receiving unsolicited emails, especially those requesting sensitive information like private keys or recovery phrases. Additionally, users should regularly update their security practices, enable two-factor authentication whenever possible, and verify the authenticity of communications from cryptocurrency service providers. Lastly, it is advisable to visit official websites directly instead of clicking on links in emails to ensure the legitimacy of requests.