Vote for Cryptopolitan on Binance Square Creator Awards 2024. Click here to support our content!

Beware of phishing attack on Trezor wallets: Here’s what you need to know

Beware of phishing attack on Trezor wallets: Here’s what you need to knowBeware of phishing attack on Trezor wallets: Here’s what you need to know
273253

In this post:

  • Trezor has issued a warning to its users about a new phishing attack targeting investors’ crypto investments.
  • The company urged users to remain vigilant and not to share their recovery phrases with anyone.

Hardware cryptocurrency wallet provider Trezor has issued a warning to its users about a new phishing attack targeting investors’ crypto investments. On February 28, Trezor took to Twitter to alert users of an active scam that tries to steal private keys by asking them to enter their wallet’s recovery phrase on a fake website. The company urged users to remain vigilant and not to share their recovery phrases with anyone.

The phishing scam

Trezor Suite has recently been targeted in a phishing campaign by attackers pretending to be Trezor, who are contacting victims via phone calls, texts, or emails claiming that their Trezor account has experienced a security breach or suspicious activity.

These messages urge users to follow a link that purports to “secure” their device; however, Trezor has emphatically stated that these messages are not from them and should be ignored. Furthermore, no evidence of a database breach has been found. As such, any communications from Trezor will only come via official channels and never over unsolicited phone calls or SMS messages.

On February 27, this phishing attack targeting Trezor customers was reported online. The scam directed users to a malicious website that posed as the official Trezor page, prompting them to enter their recovery seed and click the “Start” button to secure their wallet. The fraudulent domain contained an expertly crafted replica of the legitimate Trezor website.

Read Also  Trezor investigates online fraud targeting crypto wallet users
image 26
A screenshot from a phishing domain copying Trezor’s website. Source: Bleeping Computer

Clicking the “Start” button will prompt users to enter their cryptocurrency wallet’s recovery phrase, also known as private keys. Private keys are essential for self-custody, which is a way of “being your own bank” by storing crypto on a non-custodial software or hardware wallet. The security of private keys is paramount, as any theft of the phrase will strip the original owner of their crypto holdings.

Phishing attacks in the crypto industry

On February 26, metaverse firm The Sandbox suffered a data breach that resulted in a phishing email sent out to users. This latest attack against Trezor customers is not an isolated incident as the wallet provider was already targeted with similar attacks in April 2022. At this time, scammers posed as Trezor representatives and asked users to download a fake Trezor app. Unfortunately, this kind of attack is not exclusive to Trezor either. In 2020, competitor Ledger experienced a major data breach that resulted in the public exposure of personal information belonging to over 270,000 of its customers.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Editor's choice

Loading Editor's Choice articles...

Stay on top of crypto news, get daily updates in your inbox

Most read

Loading Most Read articles...
Subscribe to CryptoPolitan