Hardware cryptocurrency wallet company Trezor has warned its customers about an ongoing phishing campaign that’s sending out fake data breach notifications to customers in an attempt to steal their wallet and corresponding assets.
Trezor customers have received these SMS and email phishing messages since at least February 27. The message prompts users to visit a specific site to secure their devices. The listed domain is a fake Trezor site with a message telling users their assets might be at risk prompting them to secure their wallets by clicking a call to action button labelled Start underneath.
The site then asks for the user’s recovery seed. The recovery seed is automatically generated when you create your Trezor account and is a 12 or 24-word phrase that can be used to recover a wallet in case it’s lost, stolen or starts malfunctioning. Once the recovery seed is extracted, the threat actors can easily take over the wallet and transfer assets to another address.
Trezor is aware of the campaign and has reported no evidence of a recent data breach. While the origin of these messages is unknown at the moment, it’s likely that the March 2022 or January 2023 Mailchimp breach could’ve leaked customer information allowing the threat actors to target users at this scale.
Trezor had faced a similar attack previously in April 2022 as well right after the Mailchimp breach where threat actors used the leaked marketing list to send fake data breach notifications to the crypto wallet company’s customers. The message lead customers to a fake Trezor Suite and asked them to enter their recovery seed, hence stealing their crypto assets.
In the News: OpenAI won’t use customer data anymore to train models