Cryptocurrency hardware wallet provider Trezor is investigating a recent phishing campaign, as users have reported receiving phishing emails.
The anonymous blockchain sleuth ZachXBT took to his Telegram channel on Oct. 26 to alert users to a phishing attack targeting Trezor customers.
ZachXBT referred to an X (formerly Twitter) post from the account JHDN, which alleged that Trezor may have been breached after receiving phishing emails on the email account used specifically for buying the wallet.
In a similar manner to some Trezor-related phishing attacks in the past, the phishing email invites users to download the “latest firmware update” to users’ Trezor devices in order to “fix an issue in software.” According to the poster, the malicious email was sent from the email amministrazione@sideagroup.com.
It looks like Trezor may have been breached? @Trezor @zachxbt #Trezor pic.twitter.com/4lmjZE1Quk
— j (@JHDN) October 26, 2023
“Be careful this person just received a phishing email to the email address associated with their Trezor purchase,” ZachXBT wrote, adding that the social media report could point to a potential data breach for Trezor or Evri, the United Kingdom delivery company that ships Trezor devices.
ZachXBT mentioned that two other people on Reddit complained about the same Trezor phishing email today.
According to Trezor’s brand ambassador, Josef Tetek, the firm is aware of the ongoing phishing campaign and is actively looking into it.
“We continuously report fake websites, contact domain registrars, and educate and warn our customers of known risks,” Tetek said, referring to multiple articles aiming to help users deal with phishing attacks. One such article says that phishing emails often redirect to download a Trezor Suite lookalike app that will ask users to connect their wallet and enter their seed.
Related: Scammers create Blockworks clone site to drain crypto wallets
“The seed is compromised once you enter it into the app, and your funds will then be immediately transferred to the attacker’s wallet,” the page reads.
Tetek emphasized that Trezor never asks for users’…
..