Trezor, a cryptocurrency hardware wallet provider, is currently investigating a phishing campaign after receiving reports from users who received phishing emails. An anonymous blockchain investigator, ZachXBT, alerted users to this phishing attack targeting Trezor customers via his Telegram channel.
According to ZachXBT, the phishing email urges users to download the “latest firmware update” for their Trezor devices under the guise of fixing a software issue. This suspicious email was reported to come from the address firstname.lastname@example.org.
Trezor’s brand ambassador, Josef Tetek, confirmed that the company is aware of this phishing campaign and actively working to address it. He emphasized that Trezor never requests users’ recovery seeds, PINs, or passphrases. Additionally, the company continuously reports fake websites, contacts domain registrars, and educates users on how to recognize and respond to phishing threats. A common tactic of such phishing attacks involves redirecting users to a fraudulent Trezor Suite application that asks for their seed. When users input their seed, it becomes compromised, and their funds are transferred to the attacker’s wallet.
Trezor’s commitment to user safety is a top priority. The company advises users never to enter their recovery seeds directly into any website, mobile app, or computer. Trezor’s instructions for working with the recovery seed are shown on a connected Trezor hardware wallet and should be followed as directed.
Despite ongoing efforts to prevent phishing scams, cryptocurrency investors remain vulnerable to these attacks. Reports indicate a significant increase in cryptocurrency phishing attacks, highlighting the importance of user education and vigilance.
The company is actively working to protect users from phishing attacks and address this latest campaign.