Trezor Initiates Investigation as Phishing Campaign Targets Crypto Hardware Wallet Users
Trezor, a cryptocurrency hardware wallet company, is currently investigating a potential data breach due to an ongoing email phishing campaign.
On October 26, the anonymous blockchain investigator ZachXBT reported a phishing attack targeting Trezor users via his Telegram channel. ZachXBT cited a post on X (formerly Twitter) from the account JHDN, which raised concerns that Trezor might have experienced a breach.
It looks like Trezor may have been breached? @Trezor @zachxbt #Trezor pic.twitter.com/4lmjZE1Quk
— -_- (@JHDN) October 26, 2023
These concerns were based on the receipt of phishing emails sent to the specific email accounts used for purchasing Trezor wallets, suggesting a potential compromise of user data.
Users reported receiving phishing emails encouraging them to install an app from the domain ‘trezor.us’, which is different from the official ‘trezor.io’ domain.
Trezor is investigating the extent of the breach, and until further notice, users are advised not to click on links from unauthorized sources to safeguard their security. Trezor’s brand ambassador, Josef Tetek, confirmed that the company is aware of the phishing campaign and outlined its ongoing efforts to combat such threats.
Trezor actively reports fake websites, contacts domain registrars, and educates users on the potential risks associated with phishing attacks.
“Users should never enter their recovery seed directly into any website or mobile app or type it into a computer. The only safe way to work with the recovery seed is as per the instructions shown on a connected Trezor hardware wallet.”
In a previous blog post from 2022, Trezor highlighted the modus operandi of a phishing email scam. Typically, these scams involve users clicking on a link in the email, which directs them to a fraudulent Trezor Suite app. This fake app then prompts users to connect their wallet and input their seed. Once the seed is entered into the app, it becomes compromised, enabling the attacker to swiftly transfer funds to their wallet.
While hardware wallets like Trezor are known for their security features, phishing remains a significant threat in the cryptocurrency space, as it can deceive users into compromising their wallets or private keys.
Crypto Community Faces Rising Threat of Phishing Attacks as Trezor Issues Warnings
Trezor has battled many phishing attempts over the years. The company maintains a real-time blacklist of scam sites and guides users on identifying frauds. It has also warned its users in the past about a new phishing attack targeting their crypto investments by trying to steal their private keys.
Early this year, Trezor took to its X account to caution users about an active phishing attack designed to steal investors’ money by making them enter the wallet’s recovery phrase on a fake website. However, it is not only Trezor that is combating phishing. According to some cybersecurity reports, the number of cryptocurrency phishing attacks saw a 40% increase in 2022.
In 2020, rival hardware wallet firm Ledger suffered a massive data breach, with attackers publicly exposing the personal information of more than 270,000 Ledger customers. Also in September, a crypto whale fell victim to a massive phishing attack, losing millions of dollars in staked Ether on the liquid staking provider Rocket Pool.
The investor lost their entire address balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH). At the time of the attack, the amount stolen was worth $15.5 million in stETH and $8.5 million in rETH, a staggering $24 million combined.
Cryptocurrency investors have been suffering from multiple phishing attacks, despite many efforts to curb such scams.