Cryptocurrency hardware wallet provider Trezor has warned its users of a new phishing attack targeting their crypto investments by trying to steal their private keys.
Trezor took to Twitter on February 28 to warn users of an active phishing attack designed to steal investors’ money by tricking them into entering the wallet recovery phrase on a fake Trezor website.
The phishing campaign involves attackers impersonating Trezor and contacting victims via phone calls, text messages or emails claiming that there has been a security breach or suspicious activity on their Trezor account.
“Trezor Suite recently suffered a security breach, assume all your assets are vulnerable,” reads the fake message, prompting users to follow a phishing link to “secure” their Trezor device.
“Please disregard these messages as they are not from Trezor,” Trezor said on Twitter, stressing that the company will never contact its customers by call or text. The company added that Trezor found no evidence of a database breach.
According to online reports, the latest phishing attack against Trezor customers was spear on February 27, with users directed to a domain asking to enter their recovery seed. The domain provides a perfectly designed fake Trezor website that prompts users to start securing their wallet by clicking the “Get Started” button.
After clicking the “Get Started” button, users will be prompted to provide their cryptocurrency wallet recovery phrase.
The wallet recovery phrase, also known as the private keys, is the most important part of self-custody, or “being your own bank” by keeping your crypto on a non-custodial software or hardware wallet. The security of the recovery phrase is far more important than the protection of the hardware wallet, and once the private keys are stolen, it means that the crypto assets no longer belong to their original owner.
Related: Notorious Crypto Scam Monkey Drainer Says It’s “Shutting Down”
The news came shortly after metaverse firm The Sandbox suffered a data breach on February 26, which resulted in a phishing email being sent to users.
The latest phishing attack against Trezor customers is not the first such scam. Trezor wallets were also the target of phishing attacks in April 2022, with attackers contacting Trezor users posing as the company, asking them to download a fake Trezor app.
Such attacks are not exclusive to Trezor, however. In 2020, rival hardware wallet company Ledger suffered a massive data breach, with attackers publicly exposing the personal information of more than 270,000 Ledger customers.
