A new phishing campaign targeting cryptocurrency hardware wallet company Trezor has been detected.
These wallets allow cryptocurrency users to store their funds offline, rather than in a “hot wallet” (mobile or desktop app), or with a third party (exchange, custody service, or lending/borrowing company). Hardware wallets, also known as “cold wallets”, are generally seen as a more secure way to store cryptocurrency, compared to the alternatives.
This also means that anyone who is serious about cryptocurrency (and holds a large amount) is likely to keep it in cold storage, making Trezor users an attractive target for cybercriminals.
Securing the hacked wallet
In this new campaign, Trezor users have begun receiving SMS messages warning them of a “data breach” at the company, and urging them to “secure” their devices immediately. The SMS also comes with a hyperlink that victims must visit.
“Trezor Suite recently suffered a security breach, assume all your assets are at risk. Please follow security measures to secure your assets: [link],” the message says.
Anyone who visits the link will see a fake Trezor site with the message “Your assets may be at risk!” and a start button where users can “lock” their assets. The first step in this process is to enter the recovery seed.
The recovery seed, which is a string of 12 or 24 words, is used to recover the wallet if the old device is stolen or damaged. Whoever has the seed phrase can recover the wallet and gain full access to the funds. So, if the victim ends up entering this information on a phishing page, they give the attackers full access to their wallet, which the attackers can later use to wipe out any and all funds in the account.
Trezor was alerted to the new campaign and took to Twitter to warn its customers that it was being impersonated, and not to fall for the trick. The company also said that it is not aware of any new data breaches, so the attackers likely obtained emails from Trezor users in the previous MailChimp incident.