Scam alert: Trezor warns users of new phishing attack

Hardware cryptocurrency wallet supplier Trezor has warned its users astir a caller phishing onslaught targeting their crypto investments by trying to bargain their backstage keys.

Trezor took to Twitter connected Feb. 28 to caution users astir an progressive phishing onslaught designed to bargain investors’ wealth by making them participate the wallet’s betterment operation connected a fake Trezor website.

The phishing run involves attackers posing arsenic Trezor and contacting victims via telephone calls, texts oregon emails claiming that determination has been a information breach oregon suspicious enactment connected their Trezor account.

“Trezor Suite has precocious endured a information breach, presume each your assets are vulnerable,” the fake connection reads, inviting users to travel a phishing nexus to “secure” their Trezor device.

“Please disregard these messages arsenic they are not from Trezor,” Trezor declared connected Twitter, emphasizing that the steadfast volition ne'er interaction its customers via calls oregon SMS. The steadfast added that Trezor has not recovered immoderate grounds of a database breach.

A fake SMS from scammers posing arsenic Trezor. Source: Twitter

According to online reports, the latest phishing onslaught against Trezor customers was launched connected Feb. 27, with users being directed to a domain asking to participate their betterment seed. The domain provides a perfectly-made fake Trezor website that prompts users to commencement securing their wallet by clicking the “Start” button.

A screenshot from a phishing domain copying Trezor’s website. Source: Bleeping Computer

After clicking the “Start” button, users volition beryllium asked to supply the betterment operation for their cryptocurrency wallet.

The wallet’s betterment phrase, besides known arsenic backstage keys, is the astir important portion of self-custody, oregon “being your ain bank” by keeping your crypto connected a bundle oregon hardware non-custodial wallet. The information of the recovery operation is mode much important than keeping the hardware wallet safe, and erstwhile the backstage keys are stolen, it means that crypto holdings nary longer beryllium to their archetypal owner.

Related: Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The quality came soon aft metaverse steadfast The Sandbox suffered a information breach connected Feb. 26, that resulted successful a phishing email sent to users.

The latest phishing onslaught against Trezor customers is not the archetypal scam of specified kind. Trezor wallets were besides targeted with phishing attacks successful April 2022, with attackers contacting Trezor users posing arsenic the company, asking them to download a fake Trezor app.

Such attacks are not exclusive to Trezor though. In 2020, rival hardware wallet steadfast Ledger suffered a monolithic information breach, with attackers publically exposing idiosyncratic accusation of much than 270,000 Ledger customers.