Trezor Users Beware: Third-Party Email Provider Compromised in Malicious Attack

Hardware wallet provider Trezor has acknowledged that its third-party email provider was compromised, leading to a series of malicious emails sent to users in the last 12 hours.

The deceptive emails, appearing to be from “[email protected],” prompt recipients to upgrade their “network” or risk losing their funds. The message includes a harmful link redirecting users to a webpage requesting their seed phrase.

Trezor Issues Warning on Malicious Emails

In its latest update on X, Trezor revealed that it promptly deactivated the malicious link and contained the potential threat. While the link itself is harmless as admitted by the company, user funds remain secure unless the recovery seed was entered.

Trezor advised affected users to swiftly transfer their funds to a new wallet for added security.

“The unauthorized email impersonating Trezor using our domain addressed subscribers to our newsletter. If you have not disclosed your 12 or 24-word recovery seed through any online form, your assets remain secure. If you have entered your recovery seed in any form, particularly one that was sent via email, it is crucial to transfer your funds to a new wallet immediately.”

Earlier this week, Trezor raised a security warning following the detection of a data breach on January 17, that resulted from unauthorized access to their third-party support ticketing portal.

Although the incident did not compromise any user funds, approximately 66,000 users who engaged with Trezor Support since December 2021 might have had their names or usernames, along with email addresses, exposed to an unauthorized party.

Coordinated Phishing Scheme Exposed

This development follows a series of coordinated phishing attacks, where investors have reported receiving fraudulent emails purportedly originating from various platforms, including decentralized applications and the crypto wallet bridge provider WalletConnect.

The fraudulent emails also claimed association with the full stack on-chain data platform Token Terminal, the decentralized finance portfolio tracker De.Fi, and the crypto media outlet Cointelegraph.

Experts shared screenshots indicating that every email featured enticing offers of fraudulent airdrops designed to trick users into taking action. Despite having a common objective, the scammers provided various reasons to justify the claimed airdrops in the emails.