Trezor warns users of new phishing attack

Trezor, a hardware cryptocurrency wallet provider, has warned users of a new phishing attack aimed at investing in crypto assets by attempting to steal their private keys.

Trezor posted on Twitter on Feb. 28, Note Users reported an active phishing campaign designed to steal money from investors by tricking them into entering their wallet recovery phrases on a fake Trezor website.

Phishing campaigns involve attackers pretending to be Trezor and contacting victims via phone, text, or email, claiming a security breach or suspicious activity on their Trezor accounts.

“Trezor Suite recently endured a security breach. Assume all assets are vulnerable” read a fake message encouraging users to “secure” their Trezor device by following a phishing link I’m here.

“Please ignore these messages as they are not from Trezor,” Trezor declared on Twitter, emphasizing that the company never contacts customers by phone or SMS. The company added that Trezor had found no evidence of a database breach.

Fake SMS from scammers pretending to be Trezor.Source: Twitter

According to an online report, the latest phishing attack against Trezor customers was launch On February 27th, the user was directed to a domain asking for a recovery seed. This domain offers a fully-made fake girlfriend Trezor website and encourages users to click the “Start” button to start securing their wallets.

A screenshot of a phishing domain that copies Trezor’s website.Source: Bleeping Computer

After clicking the “Start” button, the user will be asked to provide a cryptocurrency wallet recovery phrase.

A wallet recovery phrase, also known as a private key, is the most important part of becoming self-custody, or “becoming your own bank,” by storing your cryptocurrencies in a software or hardware uncustodial wallet. The security of your recovery phrase is far more important than keeping your hardware wallet safe, meaning that if your private key is stolen, your crypto assets no longer belong to their original owner. .

Related: Notorious Monkey Drainer Crypto Scammers Say They’re ‘Shut Down’

The news comes on the heels of metaverse company The Sandbox. suffered A phishing email was sent to users in the February 26th data breach.

The latest phishing attack against Trezor customers is not the first of its kind. The Trezor wallet was also targeted in a phishing attack in April 2022. The attacker contacted her Trezor user, posing as the company, and asked her to download her fake Trezor app.

However, such attacks are not unique to Trezor. In 2020, rival hardware wallet company Ledger suffered a massive data breach in which attackers exposed the personal information of over 270,000 of his Ledger customers.