Trezor, a provider of cryptocurrency hardware wallets, is investigating a recent phishing campaign after users reported receiving fraudulent emails.
ZachXBT, an anonymous blockchain investigator, posted a warning on his Telegram channel on October 26 regarding a fraud attack targeting Trezor customers.
ZachXBT referred to an X (previously Twitter) post from the account JHDN, which claimed that Trezor may have been compromised due to fraudulent emails sent to the email address used to purchase the wallet.
Like previous Trezor-related phishing attacks, the phishing email encourages recipients to obtain the “latest firmware update” for their Trezor devices to “fix a software issue.” According to the poster, the deceptive email originated from [email protected].
“Be careful, this person just received a phishing email to the email address associated with their Trezor purchase,” ZachXBT wrote, adding that the social media report may indicate a data breach at Trezor or Evri, the United Kingdom delivery company that distributes Trezor devices.
Today, according to ZachXBT, two other Reddit users complained about the same Trezor fraudulent email.
According to Trezor’s brand ambassador, Jose Tetek, the company is actively investigating the ongoing phishing campaign.
“We continuously report fake websites, contact domain registrars, and educate and warn our customers of known risks,” Tetek said, alluding to several articles aimed at assisting users in combating phishing attacks.
According to one report, phishing emails frequently direct recipients to download a Trezor Suite-like app that prompts them to connect their wallet and input their seed.
“Once you enter the seed into the app, it is compromised, and your funds are immediately transferred to the attacker’s wallet,” the page states.
Tetek emphasized that Trezor never requests the recovery seed, PIN, or passphrase of its users and added:
“Users should never enter their recovery seed directly into any website, or mobile app or type it into a computer. The only safe way to work with the recovery seed is as per the instructions shown on a connected Trezor hardware wallet.”
Despite numerous efforts to prevent such schemes, multiple phishing attacks have targeted cryptocurrency investors. In September, a prominent crypto investor reportedly lost $24 million worth of crypto assets to a massive phishing campaign.
In 2022, there was a 40% increase in cryptocurrency phishing attacks, according to some cybersecurity reports.
