Cryptocurrency hardware company Trezor has confirmed an ongoing multi-channel phishing campaign designed to trick customers into granting access to their wallets.
“Attackers will contact victims via phone, SMS, and/or email to inform them of a security breach or suspicious activity on their Trezor accounts,” the company warns. Twitter post.
“We found no evidence of a recent database breach. We will not contact you by phone or SMS.”
Trezor offers a hardware-based wallet for users to store cryptocurrencies. While this is nominally a more secure method than software-based wallets, fraudsters can gain access to funds if users are tricked into giving them a “recovery seed.”
The 12-character or 24-character password is intended to allow users with lost, stolen, or broken devices to recover their wallets on another device.
A user posted a screenshot of a phishing campaign on Twitter. in one message, Trezor impersonation notification It urges users to upgrade their wallets because it “failed to complete the new Ethereum merge”.
In another example, the user is notified that “Trezor Suite recently endured a security breach” and must follow a link to “Protect your assets”.
Doing so will take you to a phishing page disguised as a legitimate Trezor site.
“At this time, it is technically impossible to accurately assess the extent of a data breach. Due to these circumstances, it is necessary to assume that all assets are currently at risk if you have recently used the Trezor Suite. In the spirit of transparency, we would like our customers to be made aware of this incident.” it says.
“We feel that time is of the essence and we are working on our investigations properly. If you receive this message, it means you are affected by a breach. Protect all assets. To do so, please follow our asset protection procedures.”
Clicking the “Start” button takes the victim to a page where they enter the recovery seed.
This isn’t the first time Trezor users have been targeted in this way. Last April, his highly convincing phishing campaign was sent to users after contact details were stolen from MailChimp-hosted newsletter mailing lists.
