Hardware cryptocurrency wallet provider Trezor is warning its users of a new phishing attack that targets their crypto investments by attempting to steal their private keys. Trezor alerted users on Twitter on Feb. 28 to an active phishing attack designed to steal investors' funds by having them enter their wallet's seed phrase on a fake Trezor website.
Phishing campaigns involve attackers impersonating a Trezor and contacting victims by phone, text message, or email, claiming a security breach or suspicious activity on their Trezor account.
“Trezor Suite recently suffered a security breach, assuming all your assets are vulnerable,” reads the false message, inviting users to click on a phishing link to “secure” their Trezor device. "Please ignore these messages as they are not from Trezor," Trezor declared on Twitter, emphasizing that the company will never contact its customers by phone or text. Trezor found no evidence of any database breaches, the company added.
According to online reports, the latest phishing attack against Trezor customers was launched on February 27, with users being directed to a domain asking to enter their recovery seed. This domain serves up a perfectly crafted fake Trezor website that prompts users to start securing their wallets by clicking on the "Start" button. After clicking the "Go" button, the user will be asked to provide the seed phrase of their cryptocurrency wallet.
The wallet's seed phrase or private key is the most important part of self-custody, keeping your cryptocurrencies in a software or hardware non-custodial wallet. The security of the recovery phrase is more important than keeping the hardware wallet secure. Once the private key is stolen, it means that the encrypted asset no longer belongs to its original owner.
The news comes shortly after metaverse company The Sandbox suffered a data breach on February 26, resulting in a phishing email being sent to users. The latest phishing attack targeting Trezor customers isn't the first such scam. In April 2022, Trezor wallets were also the target of phishing attacks, where attackers impersonated companies to contact Trezor users and asked them to download fake Trezor apps.
Such attacks are not unique to Trezor, though. In 2020, rival hardware wallet company Ledger suffered a massive data breach in which attackers publicly exposed the personal information of more than 270,000 Ledger customers.
