On February 28th, Trezor, a popular hardware cryptocurrency wallet provider, has issued a warning to its users about a new phishing attack that targets their crypto investments.
The attackers are trying to steal the private keys of Trezor wallets by luring users into entering their wallet’s recovery phrase on a fake Trezor website.
https://twitter.com/Trezor/status/1630526933199998977
According to the company, the phishing campaign involves attackers posing as Trezor and contacting victims via phone calls, texts, or emails. The attackers claim that there has been a security breach or suspicious activity on the user’s Trezor account and invite them to follow a phishing link to “secure” their Trezor device.
Trezor has urged its users to ignore these messages, emphasizing that the firm will never contact its customers via calls or SMS.
Reports indicate that the latest phishing attack against Trezor customers was launched on February 27, with users being directed to a domain asking them to enter their recovery seed. The domain provides a fake Trezor website that prompts users to start securing their wallets by clicking the “Start” button. After clicking the button, users are asked to provide the recovery phrase for their cryptocurrency wallet.
Cryptocurrency holders are advised to always exercise caution when approached with offers of investment or financial advice and be aware that their digital assets may be at risk of theft. Those who own a hardware wallet such as Trezor are advised to link their devices to a strong password and never share the recovery phrase with anyone or store it in digital form.
Additionally, customers should be vigilant for any signs of phishing and report suspicious activity on Trezor’s website or social media channels.
The warning comes just weeks after The Sandbox, a metaverse firm, suffered a data breach resulting in a phishing email being sent to its users.
Trezor has emphasized that it has not found any evidence of a database breach, and the company has not suffered a security breach.
However, this is not the first time that Trezor wallets have been targeted with phishing attacks. In April 2022, attackers contacted Trezor users posing as the company, asking them to download a fake Trezor app.
Unfortunately, such attacks are not unique to Trezor. In 2020, rival hardware wallet firm Ledger suffered a massive data breach, with attackers publicly exposing the personal information of more than 270,000 Ledger customers.
These phishing attacks highlight the importance of users being vigilant and taking steps to secure their digital assets. It is crucial to only interact with reputable sources and to never provide private keys or recovery phrases to anyone. Users should also enable two-factor authentication on their accounts to add an additional layer of security.
Overall, the crypto industry is still largely unregulated, and it is up to individuals to take responsibility for the safety and security of their digital assets. The threat of phishing attacks is real and growing, making it more important than ever for users to stay informed and take proactive steps to protect themselves.