Hardware wallet manufacturer Trezor confirmed that a series of malicious emails sent to users in the last 24 hours originated from an unauthorized use of a third-party email service provider. On January 24, the Trezor team announced the detection of an unauthorized email sent from a third-party email provider used by the company that impersonated Trezor.
The malicious email, sent from “noreply@trezor.io,” contained a link directing wallet owners to a webpage where they were urged to enter their seed phrase information, under the pretense of needing to upgrade their network or risk losing funds. Trezor has not yet confirmed if any users lost money due to the phishing attempt and no reports of such incidents have been shared by the company.
Trezor successfully disabled the malicious link and assured that funds would remain safe if users did not enter their seed phase information on the fake website. For those who did, Trezor is urging users to transfer their funds to a new wallet immediately.
The investigation by Trezor pointed to an unauthorized individual accessing the email database of newsletter subscribers and using a third-party email service to send out the malicious email. The connection to the same email domain provider used by Trezor is not clear, and some believe the attack may be related to a recent security breach at Trezor’s support portal on January 17, which exposed the contact information of about 66,000 users.
Crypto asset attorney Joe Carlasare reported receiving the phishing email on January 24, describing it as a sophisticated scam. In February 2023, Trezor warned users about a phishing attack designed to steal investor funds by tricking them into entering their wallet’s seed phase information on a fake Trezor website.