Crypto wallet Trezor investigates phishing campaign

Cryptocurrency hardware wallet provider Trezor is currently investigating a phishing campaign that has targeted its users. The company became aware of the issue after receiving reports of phishing emails being sent to its customers.

Reports of phishing attack surface

An anonymous blockchain investigator, ZachXBT, alerted users to the phishing attack on his Telegram channel on October 26. The attack specifically targeted customers of Trezor.

The investigator referred to a Twitter post from the account JHDN, which claimed that Trezor may have experienced a data breach. The post mentioned that the phishing emails were sent to the email account used for purchasing the Trezor wallet.

Phishing email details

The phishing email, similar to previous attacks targeting Trezor users, prompts recipients to download the "latest firmware update" for their Trezor devices. The email claims that the update is necessary to fix a software issue. According to the person who reported the incident, the phishing email was sent from the email address [email protected].

Two other individuals on Reddit also reported receiving the same phishing email.

Trezor's response

Josef Tetek, Trezor's brand ambassador, confirmed that the company is aware of the ongoing phishing campaign and is actively investigating the matter. Tetek stated that Trezor regularly reports fake websites, contacts domain registrars, and educates customers about the risks associated with phishing attacks.

Trezor advises its users to be cautious when encountering phishing emails that redirect them to download a fake Trezor Suite app. These apps often request users to connect their wallet and enter their recovery seed. By doing so, the user's seed is compromised, and their funds are immediately transferred to the attacker's wallet.

Trezor emphasizes that it never asks users to provide their recovery seed, PIN, or passphrase. Users should only follow the instructions displayed on their connected Trezor hardware wallet when working with their recovery seed.

Rising number of phishing attacks

Despite efforts to combat phishing scams, cryptocurrency investors continue to be targeted. In September, a prominent crypto investor reportedly lost $24 million worth of crypto assets in a major phishing campaign. Cybersecurity reports indicate that the number of cryptocurrency phishing attacks increased by 40% in 2022.

Additional reporting by Felix Ng from Cointelegraph.