Trezor Confirms Unauthorized Use of Email Provider Led to Malicious Emails
Hardware wallet provider Trezor has confirmed that the unauthorized use of its third-party email provider led to a spate of malicious emails sent to users over the past 12 hours.
In a statement released on January 24, Trezor disclosed that it had detected an unauthorized email impersonating the company, which was sent from a third-party email provider they utilize.
The malicious email, originating from the address “[email protected],” instructed users to upgrade their “network” or risk losing their funds.
It included a link that directed recipients to a webpage where they were prompted to enter their seed phrase.
Trezor has not confirmed any cases of users losing funds as a result of this phishing attempt, and there have been no reports suggesting that Trezor users fell victim to the scam.
🚨 Security Alert 🚨
We've detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.
If you received a suspicious email with the subject line 'Assets undergoing upgrade' from the ID: [email protected], please do not click any links or… pic.twitter.com/RqQnQkB4hX
— Trezor (@Trezor) January 24, 2024
Trezor Says it Has Deactivated the Malicious Link
Trezor assured its users that it had successfully deactivated the malicious link and emphasized that user funds remained safe as long as the recovery seed was not entered.
“We swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat!”
However, for those who did enter their recovery seed, Trezor asked them to transfer their funds to a new wallet immediately.
Trezor’s ongoing investigation indicates that an unauthorized individual gained access to its database of email addresses for newsletter subscribers and utilized a third-party email service to send the malicious emails.
Notably, MailerLite, an email marketing software firm, recently reported a cybersecurity incident on January 23, which resulted in a series of phishing emails exploiting branded domains, including those owned by Cointelegraph, WalletConnect, and Token Terminal.
Whether Trezor utilizes the same email domain provider remains unclear.
Digital asset lawyer Joe Carlasare shared his personal experience of receiving the phishing email in a post, describing it as a “sophisticated scam.”
Sophisticated scam right here pic.twitter.com/Sys5gcpeC1
— Joe Carlasare (@JoeCarlasare) January 24, 2024
Recent Hack Might be Linked to Breach of Support Portal
Some speculate that this recent attack may be linked to a security breach of Trezor’s support portal in which the contact information of approximately 66,000 users was exposed on January 17.
Despite the breach, the company emphasized that no recovery seed phrases were disclosed as a result of the incident.
At the time, the hardware wallet provider also said it has restricted access to unauthorized actors and has been in the process of contacting the affected users.
It is worth noting that this is not the first time Trezor has faced attempts to compromise user funds.
While being a reputable name in the cryptocurrency hardware wallet industry, Trezor has faced its fair share of security challenges over the years.
In February of the previous year, Trezor warned users about a phishing attack that aimed to steal investor funds by tricking them into entering their recovery phrase on a fake Trezor website.
Additionally, in May, cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as Trezor.
This fraudulent device utilized a replaced microcontroller to gain control of a user’s private keys, enabling the scammers to steal funds.
