Scam alert: Trezor warns users of new phishing attack

Hardware cryptocurrency wallet provider Trezor has warned its users about a new phishing attack targeting their crypto investments by trying to steal their private keys.

Trezor took to Twitter on Feb. 28 to caution users about an active phishing attack designed to steal investors’ money by making them enter the wallet’s recovery phrase on a fake Trezor website.

The phishing campaign involves attackers posing as Trezor and contacting victims via phone calls, texts or emails claiming that there has been a security breach or suspicious activity on their Trezor account.

“Trezor Suite has recently endured a security breach, assume all your assets are vulnerable,” the fake message reads, inviting users to follow a phishing link to “secure” their Trezor device.

“Please ignore these messages as they are not from Trezor,” Trezor declared on Twitter, emphasizing that the firm will never contact its customers via calls or SMS. The firm added that Trezor has not found any evidence of a database breach.

A fake SMS from scammers posing as Trezor. Source: Twitter

According to online reports, the latest phishing attack against Trezor customers was launched on Feb. 27, with users being directed to a domain asking to enter their recovery seed. The domain provides a perfectly-made fake Trezor website that prompts users to start securing their wallet by clicking the “Start” button.

A screenshot from a phishing domain copying Trezor’s website. Source: Bleeping Computer

After clicking the “Start” button, users will be asked to provide the recovery phrase for their cryptocurrency wallet.

The wallet’s recovery phrase, also known as private keys, is the most important part of self-custody, or “being your own bank” by keeping your crypto on a software or hardware non-custodial wallet. The safety of the recovery phrase is way more important than keeping the hardware wallet safe, and once the private keys are stolen, it means that crypto holdings no longer belong to their original owner.

Related: Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The news came shortly after metaverse firm The Sandbox suffered a data breach on Feb. 26, that resulted in a phishing email sent to users.

The latest phishing attack against Trezor customers is not the first scam of such kind. Trezor wallets were also targeted with phishing attacks in April 2022, with attackers contacting Trezor users posing as the company, asking them to download a fake Trezor app.

Such attacks are not exclusive to Trezor though. In 2020, rival hardware wallet firm Ledger suffered a massive data breach, with attackers publicly exposing personal information of more than 270,000 Ledger customers.

All Dutch and English crypto news!

FTX former execs and promotors to settle class lawsuit for $1.3M

Former FTX and Alameda executives agreed to share information to aid in the class group’s legal fight against other alleged FTX promoters. News Own this piece of...

Bitcoin Cash open interest surges past $700M ahead of BCH halving

Bitcoin Cash hasn’t seen open interest at this level since May 2021, when its price was nearly 2.5 times higher. Markets News Own this piece of crypto...

New Bitcoin ETFs now hold 500,000 BTC and GBTC outflows slow

The newly launched spot Bitcoin ETFs, excluding Grayscale have now amassed $35 billion worth of Bitcoin in just 54 days of trading. News Own this piece of...

Ben je nog op tijd om in te stappen in Fetch.ai?

Een van de heetste crypto’s van 2024 is Fetch.ai. De laatste twee letters verklappen eigenlijk al wat voor soort crypto dit is, Fetch doet van...

Beste exchanges

Koop je crypto bij Bitvavo