Cryptocurrency hardware provider, Trezor, has issued a warning to its customers regarding a recent phishing campaign that targeted users with convincing scam emails. Trezor creates hardware devices that allow customers to securely store their digital currency offline, offering a safer alternative to online storage methods.
Over the weekend, numerous customers took to Twitter to report receiving an email claiming that a data breach had affected over 100,000 Trezor customers. The fraudulent email alleged that a “malicious actor” had breached Trezor Suite servers, gaining access to customers’ wallets. Recipients were instructed to download the latest version of the application to safeguard their crypto assets. However, the real intention behind this request was to steal users’ recovery codes, which are essential for recovering wallets in case of device loss or theft.
The phishing email, written in flawless English, was sent from a deceptive “trezor.us” domain, as opposed to Trezor’s official domain, “trezor.io.” Trezor later confirmed that the scammers exploited a newsletter hosted on MailChimp, a popular email marketing service, to obtain customer details.
In response to the incident, Trezor took the phishing domain offline and announced on Twitter that they are working to determine the extent of the email address compromise. They advised customers not to open any emails purportedly from Trezor and recommended using anonymous email addresses for bitcoin-related activities until further notice.
Jake Moore, a cybersecurity advisor at ESET, highlighted the attractiveness of cryptocurrency-related scams to cybercriminals seeking substantial financial gains. He emphasized the importance of remaining vigilant against phishing attempts, particularly in the context of cryptocurrency communications.
As the threat of phishing attacks continues to pose a risk to cryptocurrency investors, it is crucial for users to exercise caution and verify the legitimacy of all communications, especially those related to digital assets. By staying alert and adopting best practices for online security, individuals can better protect themselves from falling victim to fraudulent schemes.