Here's How You Can Protect Yourself Against Phishing as Trezor is Attacked
Trezor, a popular Bitcoin (BTC) hardware wallet, has revealed that its newsletter has been compromised, warning users of phishing attacks -- but the team's chief information security officer (CISO) shared tips on how to stay crypto-safe just days earlier.
The incident comes several days after Jan Andraščík, CISO of SatoshiLabs, the team behind Trezor, published a detailed guide instructing crypto users on how to improve their security. In the article, Andraščík shared 10 tips that could lower "your chances of being attacked."
In the first place, he emphasized the importance of having strong, unique passwords. He suggested passwords be 12 or more characters and include both lowercase and uppercase characters, digits, and special symbols.
Secondly, he recommended the use of multifactor authentication. There are various types of multifactor authentication, but SMS authentication and software-based authentication are the most widely used methods.
Other tips include:
- use up-to-date software: outdated softwares are vulnerable and a likely vector of attacks for scammers;
- use genuine software: non-genuine softwares usually can provide malicious third-party actors access to operating systems and other files;
- avoid public Wi-Fis: bad actors can use public Wi-Fis to obtain sensitive information;
- beware of phishing attacks: always check the sender, check the text, and check the links shared via messages before clicking them;
- protect from malware: use antivirus and malware protection;
- make sure to know about the latest trends around cyber security;
- backup your data;
- encrypt your data.
The company confirmed the attack in a Sunday morning tweet, saying that they are "investigating a potential data breach of an opt-in newsletter hosted on MailChimp."
Trezor warned that:
"A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain."
Some Trezor users took it to Twitter early Sunday to reveal a suspicious email they received from Trezor via their registered email addresses.
The email claims that the company has “experienced a security incident” that breached the data of 106,856 users. It then asks users to download Trezor's latest version, which is actually a version of the company’s desktop suite software from a replica website.
In the recent update, Trezor said "MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies," adding that they have managed to take the phishing domain down.
"We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice," they said. "Please ensure you are using anonymous email addresses for bitcoin-related activity."
Per the April 4 blog post by Trezor, the Mailchimp security team had stated that,
“A malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration. The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.”
Importantly for anybody who has been affected, and who is likely to be a target of increasing number of phishing attacks, once they click on the link in the phishing email, they will be directed to download a Trezor Suite clone app, which will then ask the user to connect their wallet and enter their seed – but never enter your seed anywhere unless your Trezor device tells you to do so, says the company.
Once the seed is entered into the malicious app, it is compromised, and the funds will be immediately transferred to the attackers wallet.
“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” said the company.
They further advised that,
- if you entered your seed into the app, immediately move your assets to a newly generated seed;
- if you clicked on the link but didn’t enter your seed, your funds are not compromised, even if you downloaded the app;
- if you didn’t receive this phishing email, it doesn’t mean your email address has not been leaked, so be on the lookout for this or any subsequent phishing attempts.
The company stated that,
“Your Trezor device has not been affected. Even if your seed is compromised by a phishing attack, you can continue to use the same device by wiping it and creating a new seed.”
Article updated at 11:00 UTC with Trezor's April 4 blog update.
- Bitcoin & Crypto Wallet Hygiene 101
- Crypto Wallet Trends in 2022: More Privacy, Security, Features, and Choice
- Trezor Halted Wallet Shipments to Russia and Ukraine
- Trezor Ditches a Controversial KYC Feature, Plans Features to 'Cut Off Regulatory Overreach'
- Two European Parliament Committees Pass Controversial Crypto Regulation of 'Unhosted Wallets'
- EU Draft Regulation Threatens Crypto Industry But the Fight Is Not Over Yet