A phishing campaign based on a fake Trezor data breach is in the wild, aimed at streaking the cryptocurrencies of Trezor users.
The email campaign persuades users to go through a security process citing a data breach incident, where it includes a Trezor login site-themed phishing page – awaiting users’ credentials to steal. Trezor acknowledged this campaign and warned users to stay vigilant.
Aimed at Stealing Your Credentials
Trezor, the hardware wallet that stores your cryptocurrencies more securely than cloud-based wallets, is now the theme for a grand phishing campaign.
☣ AS22612 [18.104.22.168]
— Mich (@dubstard) February 28, 2023
Starting on February 27th, Trezor customers began receiving SMS and emails citing a fake data breach incident at the company and asking users to go through a security process to keep themselves safe.
“Trezor Suite has recently endured a security breach, assuming all your assets are vulnerable and asks the users to go through a security procedure”
Following the above context is a domain link asking users to visit. Well, this is a phishing page crafted similarly to the Trezor login site – with fields awaiting user entries. Unsuspecting users who enter their wallet credentials (seed phrase) will be stolen by the threat actors, who use them for exporting your cryptocurrencies to their own wallets.
Trezor is aware of this phishing campaign and asked users to be aware of it. The company noted no evidence of a recent data breach in its systems and asked users to be vigilant. While it is not known how the threat actors got their hands on the Trezor customers’ database, it’s assumed to be a result of the MailChimp breach in March 2022.
???? Beware of the active phishing scam!
The attackers contact the victims via phone call, SMS and/or email to say that there’s been a security breach or suspicious activity on their Trezor account.
➡️ Please ignore these messages as they are not from Trezor. ⬅️
More info in???????? pic.twitter.com/nzfSzfwcZ1
— Trezor (@Trezor) February 28, 2023
The email marketing company has earlier said that the data of over 100 customers of it has been stolen, which mostly contained cryptocurrency and finance companies. Hoping this to be the cause, users holding any cryptocurrency wallet are advised not to share their credentials anywhere and risk their assets of theft.