Trezor alerts users of new phishing attacks

Trezor disclosed this after a February 26 data breach at metaverse startup The Sandbox, which sent users phishing emails.

Trezor, a developer of hardware cryptocurrency wallets, has notified its customers of a new phishing assault aimed at stealing their private keys in order to steal their bitcoin assets.

Trezor resorted to Twitter on February 28 to warn customers of an active phishing assault aimed at stealing investors’ funds by requiring them to input their wallet’s recovery phrase on a bogus Trezor website.

The phishing effort includes attackers masquerading as Trezor and contacting victims through phone calls, texts, or emails with the allegation that a security breach or suspicious behavior has occurred on their Trezor account.

“Trezor Suite has just had a security breach, suppose all your assets are at risk,” says the phishing message, which urges users to click on a link to “protect” their Trezor device.

Trezor said on Twitter, “Please disregard these communications since they are not from Trezor,” underlining that the company would never contact its clients by phone calls or text messages.

The company claimed that Trezor has detected no indications of a database compromise.

According to internet sources, the most recent phishing assault against Trezor consumers was initiated on February 27, with users being sent to a website requesting their recovery seed.

The domain presents a convincingly phony Trezor webpage that instructs visitors to begin wallet security by clicking the “Start” button.

After choosing “Start,” customers will be prompted to enter their cryptocurrency wallet’s recovery phrase.

Self-custody, or “becoming your own bank” by storing your cryptocurrency on a software or hardware non-custodial wallet, is primarily dependent on the wallet’s recovery phrase, also known as private keys.

The security of the recovery phrase is much more crucial than the security of the hardware wallet, because if the private keys are taken, the original owner’s crypto assets no longer belong to them.

The announcement came soon after the metaverse company The Sandbox had a data breach on February 26, which led in the sending of phishing emails to users.

The most recent phishing assault on Trezor users is not the first of its sort. In April 2022, phishing attempts also targeted Trezor wallets, with attackers emailing Trezor customers masquerading as the firm and urging them to download a phony Trezor software.

Nevertheless, such assaults are not exclusive to Trezor. In 2020, the competitor hardware wallet company Ledger had a significant data breach, with attackers revealing the personal information of over 270,000 Ledger clients.