Trezor, a hardware wallet provider, has confirmed that a series of malicious emails sent to users over the past 24 hours resulted from the unauthorized use of its third-party email provider. Trezor detected an unauthorized email, purportedly from Trezor but sent from a third-party email provider, instructing users to upgrade their "network" under the threat of fund loss. The email provided a malicious link to a web page where users were prompted to enter a mnemonic phrase. Trezor has deactivated the malicious link and assured users that if they haven't entered a recovery seed, their funds are safe. For those who did, Trezor advises transferring funds to a new wallet immediately.
While Trezor has not confirmed any fund losses due to phishing attempts, it revealed that an unauthorized individual accessed its database of email addresses of newsletter subscribers to send the malicious emails using a third-party email service. This incident comes shortly after MailerLite, an email marketing software company, suffered a cybersecurity incident leading to phishing emails using branded domains, resulting in over $3.3 million in losses. However, it remains unclear whether Trezor used the same email domain provider. Some believe the attack might be linked to a recent security breach in the Trezor support portal, exposing contact information for nearly 66,000 users on January 17.
The hardware wallet provider urged affected users to transfer their funds to a new wallet immediately if they entered a recovery seed. Trezor emphasized that user funds remain secure if the recovery seed was not compromised. Digital asset attorney Joe Carlasare revealed having personally received the phishing email, describing it as a "sophisticated scam." In February 2023, Trezor warned users of a phishing attack aimed at stealing funds by tricking users into entering their wallet's recovery phrase on a fake Trezor website. Later in May, cybersecurity firm Kaspersky discovered a fake hardware wallet impersonating Trezor in the market, with fraudsters attempting to steal funds through a replacement microcontroller to take control of users' private keys.
