Crypto hardware wallet Trezor confirms newsletter phishing attack
Trezor, a cryptocurrency hardware wallet provider, is the latest company targeted by cybercriminals. The hackers sent out fake data breach notifications to the crypto wallet users through the company’s mailing list.
For the uninitiated, cryptocurrencies (Ethereum, Bitcoin, etc.) and NFTs are stored in something called a crypto wallet. These wallets are both offline (hardware) and online (on-cloud). Cyber security experts advise using hardware wallets because they are safer and more reliable.
To access any crypto wallet, you need something called a passcode, which is similar to your password. While creating an account on Trezor, users are sent a 12- to 24-word recovery seed (password) that allows owners to gain access to their wallets in case their device is stolen. However, anyone who knows this recovery seed can gain access to your wallet and its stored cryptocurrencies.
The fake email notification sent out by hackers prompted users to download a fake Trezor Suite software that would steal their recovery seeds. “We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address [email here] is within those affected by the breach,” reads the fake Trezor data breach phishing email.
After the user clicks on the download button to install the fake software, a phishing site appears in the browser as suite.trezor.com. The website uses Punycode characters that allow the attackers to impersonate the trezor.com domain using accented or Cyrillic characters. It should be noted that the legitimate Trezor website is trezor.io.
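A mail filter or proxy can catch this kind of lookalike by decoding Punycode labels and comparing their "skeleton" against the brand name. The Python sketch below is an added example, not code from Trezor or from the article; the hostnames, the small confusables table and the function names are constructed for illustration, and only trezor.io is taken from the text as the legitimate domain.

```python
import unicodedata

LEGIT_DOMAIN = "trezor.io"   # legitimate site named in the article
BRAND = "trezor"
# Constructed, deliberately small map of Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x"}

def to_ascii(host):
    """Encode non-ASCII labels as xn-- Punycode, the form seen in DNS and mail logs."""
    return ".".join(l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
                    for l in host.split("."))

def to_unicode(host):
    """Decode xn-- labels back to the Unicode form a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(label):
    """Map confusable letters to Latin and drop accents and other combining marks."""
    out = []
    for ch in label:
        ch = CONFUSABLES.get(ch, ch)
        out.extend(c for c in unicodedata.normalize("NFKD", ch)
                   if not unicodedata.combining(c))
    return "".join(out)

def classify(host):
    uni = to_unicode(host)
    if uni == LEGIT_DOMAIN or uni.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    if any(skeleton(l) == BRAND for l in uni.split(".")):
        # Brand name outside the real domain: non-ASCII means a homograph.
        return "lookalike" if uni.isascii() else "homograph"
    return "unrelated"

# Constructed samples: an accented "e" and Cyrillic "e"/"o" in place of Latin letters.
ACCENTED = to_ascii("suite.tr\u1eb9zor.com")
CYRILLIC = to_ascii("suite.tr\u0435z\u043er.com")
```

Run over the link hosts extracted from inbound mail, `classify` separates the real domain from both the Punycode homographs and plain ASCII lookalikes on another TLD.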
The company confirmed the phishing attack in a tweet. “MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected,” the company said.
The company issued a warning and said it will not be communicating by newsletter until the situation is resolved. “Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity,” the company added.
Earlier this month, the company behind the best-selling NFTs Bored Ape Yacht Club (BAYC) warned users that its instant messaging platform Discord was hacked and “briefly compromised,” telling users not to mint (the process of taking a digital asset and converting it to a digital file stored on a blockchain) any Apes on its platform.