Trezor, a renowned hardware wallet provider, has recently confirmed that a breach involving its third-party email provider led to a series of malicious emails targeting its users. This development highlights ongoing cybersecurity challenges in the digital asset space.
On January 24, Trezor acknowledged the unauthorized use of its email provider to send out phishing emails. These emails, appearing to come from “[email protected],” falsely instructed users to upgrade their network to avoid losing funds, directing them to a malicious link.
Although there are no confirmed reports of users losing funds due to the phishing attempt, the situation remains concerning. Trezor successfully deactivated the malicious link and assured that user funds are safe as long as they don’t enter their recovery seeds. Users who may have compromised their seeds are advised to transfer their funds to a new wallet immediately.
The investigation suggests that the breach originated from unauthorized access to Trezor’s newsletter subscriber database, with the third-party email service being used for the malicious campaign. This incident comes shortly after MailerLite, an email marketing software firm, experienced a cybersecurity incident leading to similar phishing attacks against various entities. However, it’s unclear if Trezor uses MailerLite’s services.
There is speculation that this phishing attack might be linked to a recent breach of Trezor’s support portal, which exposed the contact details of nearly 66,000 users on January 17. Trezor has since restricted unauthorized access and is contacting affected users.
Digital asset lawyer Joe Carlasare reported receiving the phishing email, describing it as a “sophisticated scam” in a January 24 post. Additionally, Trezor had previously warned users in February 2023 about a phishing attack aimed at stealing investor funds through a fake Trezor website.
In May, cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet imitating Trezor. These fraudulent devices, equipped with a tampered microcontroller, posed a risk of private key theft from unsuspecting users.
The recent phishing attack leveraging Trezor’s third-party email provider underscores the persistent cybersecurity threats in the cryptocurrency sector. It highlights the need for continuous vigilance and robust security measures to protect digital assets and personal information. Trezor’s proactive measures and communication are crucial in mitigating the impact of such incidents on its user base.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up