Trezor

Beware of phishing attack on Trezor wallets: Here’s what you need to know

Hardware cryptocurrency wallet provider Trezor Wallet has issued a warning to its users about a new phishing attack targeting investors’ crypto investments. On February 28, Trezor took to Twitter to alert users of an active scam that tries to steal private keys by asking them to enter their wallet’s recovery phrase on a fake website. The company urged users to remain vigilant and not to share their recovery phrases with anyone.

The phishing scam

Trezor Suite has recently been targeted in a phishing campaign by attackers pretending to be Trezor, who are contacting victims via phone calls, texts, or emails claiming that their Trezor account has experienced a security breach or suspicious activity.

These messages urge users to follow a link that purports to “secure” their device; however, Trezor has emphatically stated that these messages are not from them and should be ignored. Furthermore, no evidence of a database breach has been found. As such, any communications from Trezor Wallet will only come via official channels and never over unsolicited phone calls or SMS messages.

On February 27, this phishing attack targeting Trezor customers was reported online. The scam directed users to a malicious website that posed as the official Trezor page, prompting them to enter their recovery seed and click the “Start” button to secure their wallet. The fraudulent domain contained an expertly crafted replica of the legitimate Trezor website.

Phishing attacks in the crypto industry

On February 26, metaverse firm The Sandbox suffered a data breach that resulted in a phishing email sent out to users. This latest attack against Trezor Wallet customers is not an isolated incident as the wallet provider was already targeted with similar attacks in April 2022. At this time, scammers posed as Trezor representatives and asked users to download a fake Trezor app. Unfortunately, this kind of attack is not exclusive to Trezor Wallet either. In 2020, competitor Ledger experienced a major data breach that resulted in the public exposure of personal information belonging to over 270,000 of its customers.