Trezor, a leading cryptocurrency hardware wallet provider, is currently conducting an investigation into a recent phishing campaign that has targeted its users. Reports of phishing emails aimed at Trezor customers prompted the company to take swift action to address the issue.
In a recent development, cryptocurrency hardware wallet provider Trezor has found itself embroiled in a phishing campaign that threatens the security of its users. The alarm was raised when users began reporting suspicious emails purporting to be from Trezor.
An anonymous blockchain investigator known as ZachXBT took to his Telegram channel to notify users of the phishing attack that was specifically targeting Trezor customers. The issue was further highlighted in a post by the account JHDN on the social media platform X (formerly Twitter). This post suggested that Trezor may have experienced a security breach, as phishing emails were discovered in an email account exclusively used for Trezor wallet purchases.
The modus operandi of this phishing campaign was reminiscent of previous attacks on Trezor users. Victims received deceptive emails enticing them to download the “latest firmware update” for their Trezor devices under the guise of fixing a software issue. According to JHDN, the fraudulent email was sent from the address [email protected].
ZachXBT sounded the alarm, stating, “Be careful this person just received a phishing email to the email address associated with their Trezor purchase.” He also raised concerns that this incident could point to a potential data breach either at Trezor or at Evri, the United Kingdom-based delivery company responsible for shipping Trezor devices.
It was further noted that two individuals on Reddit had reported encountering the same Trezor phishing email on the same day.
Trezor’s response and ongoing investigation
In response to the phishing campaign, Josef Tetek, Trezor’s brand ambassador, affirmed the company’s awareness of the situation and confirmed that they are actively investigating the matter. Tetek reassured the public by emphasizing the company’s commitment to combatting such threats.
Tetek stated, “We continuously report fake websites, contact domain registrars, and educate and warn our customers of known risks.” He referred to multiple articles published by Trezor aimed at assisting users in dealing with phishing attacks. One of these articles provides guidance, warning users that phishing emails often redirect them to download an app resembling Trezor Suite. This deceptive app prompts users to connect their wallet and enter their seed phrase.
Crucially, Tetek stressed that Trezor never solicits users’ recovery seed, PIN, or passphrase. He offered a clear warning: “Users should never enter their recovery seed directly into any website, mobile app, or type it into a computer. The only safe way to work with the recovery seed is as per the instructions shown on a connected Trezor hardware wallet.”
Cryptocurrency investors have been grappling with an increasing number of phishing attacks, despite concerted efforts to combat such scams. In a notable incident in September, a prominent crypto investor fell victim to a massive phishing campaign, resulting in the loss of crypto assets worth $24 million. Cybersecurity reports have indicated a 40% surge in cryptocurrency phishing attacks in 2022.
These incidents underscore the ever-present risks faced by participants in the cryptocurrency space. As the industry continues to gain popularity, it is imperative for users to exercise vigilance and adhere to security best practices to safeguard their digital assets.