Trezor Users Beware: Third-Party Email Provider Compromised in Malicious Attack
Trezor has not verified whether any users suffered financial losses as a result of the phishing attempt.
Hardware wallet provider Trezor has acknowledged that its third-party email provider was compromised, leading to a series of malicious emails sent to users in the last 12 hours.
The deceptive emails, appearing to be from “[email protected],” prompt recipients to upgrade their “network” or risk losing their funds. The message includes a harmful link redirecting users to a webpage requesting their seed phrase.
Trezor Issues Warning on Malicious Emails
In its latest update on X, Trezor revealed that it promptly deactivated the malicious link and contained the potential threat. While the link itself is harmless as admitted by the company, user funds remain secure unless the recovery seed was entered.
Trezor advised affected users to swiftly transfer their funds to a new wallet for added security.
“The unauthorized email impersonating Trezor using our domain addressed subscribers to our newsletter. If you have not disclosed your 12 or 24-word recovery seed through any online form, your assets remain secure. If you have entered your recovery seed in any form, particularly one that was sent via email, it is crucial to transfer your funds to a new wallet immediately.”
Earlier this week, Trezor raised a security warning following the detection of a data breach on January 17, that resulted from unauthorized access to their third-party support ticketing portal.
Although the incident did not compromise any user funds, approximately 66,000 users who engaged with Trezor Support since December 2021 might have had their names or usernames, along with email addresses, exposed to an unauthorized party.
Coordinated Phishing Scheme Exposed
This development follows a series of coordinated phishing attacks, where investors have reported receiving fraudulent emails purportedly originating from various platforms, including decentralized applications and the crypto wallet bridge provider WalletConnect.
The fraudulent emails also claimed association with the full stack on-chain data platform Token Terminal, the decentralized finance portfolio tracker De.Fi, and the crypto media outlet Cointelegraph.
Experts shared screenshots indicating that every email featured enticing offers of fraudulent airdrops designed to trick users into taking action. Despite having a common objective, the scammers provided various reasons to justify the claimed airdrops in the emails.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
AAVE breaks above $190
UNI breaks through $9
BlackRock’s IBIT sets record $1.1 billion in daily inflows
Bitcoin hits a new all-time high as Vantard’s presale enters the next stage