Trezor Initiates Investigation as Phishing Campaign Targets Crypto Hardware Wallet Users

cryptonews.com:

Trezor, a cryptocurrency hardware wallet company, is currently investigating a potential data breach due to an ongoing email phishing campaign.

On October 26, the anonymous blockchain investigator ZachXBT reported a phishing attack targeting Trezor users via his Telegram channel. ZachXBT cited a post on X (formerly Twitter) from the account JHDN, which raised concerns that Trezor might have experienced a breach.

It looks like Trezor may have been breached? @Trezor @zachxbt #Trezor pic.twitter.com/4lmjZE1Quk

— j (@JHDN) October 26, 2023

These concerns were based on the receipt of phishing emails sent to the specific email accounts used for purchasing Trezor wallets, suggesting a potential compromise of user data.

Users reported receiving phishing emails encouraging them to install an app from the domain’ trezor.us,’ which is different from the official ‘trezor.io’ domain.

Trezor is investigating the extent of the breach, and until further notice, users are advised not to click on links from unauthorized sources to safeguard their security. Trezor’s brand ambassador, Josef Tetek, confirmed the awareness of the phishing campaign and outlined the company’s ongoing efforts to combat such threats.

Trezor actively reports fake websites, contacts domain registrars, and educates users on the potential risks associated with phishing attacks.

“Users should never enter their recovery seed directly into any website or mobile app or type it into a computer. The only safe way to work with the recovery seed is as per the instructions shown on a connected Trezor hardware wallet.”

In a previous blog post from 2022, Trezor highlighted the modus operandi of a phishing email scam. Typically, these scams involve users clicking on a link in the