Trezor has warned users of its hardware wallet about a phishing scam it said was related to an earlier hack on one of its competitors. The company said the attackers claim a user’s wallet has been disabled, before redirecting to a clone site to steal their credentials.
In a blog post, Trezor revealed that the attackers have been sending its users emails claiming they need to pass verification due to new KYC regulations. It then provided a website that’s a replica of wallet.trezor.io on which the users can supposedly verify their identity. This site requests the users to key in their recovery seed, giving the attackers full control of the wallet.
Trezor reminded its users that they “will not be asked to enter their seed anywhere other than on their Trezor device.” It also assured its users that all their funds are safe and that no Trezor customer data has been leaked.
“We continue to operate under a policy where we anonymize all customer data from e-commerce within 90 days, once it is no longer needed to complete the order, and will even remove customer data manually if requested before that,” the firm stated.
Trezor believes that the recent wave of phishing attacks was a result of a hack on its hardware wallet competitor Ledger. The French company was hacked in late June, with the attackers accessing one million emails. They also accessed additional details such as postal addresses, first and last names and phone numbers for close 9,500 of the users.
Trezor believes that this is the data the attackers in the latest phishing attack are relying on.
“The timing and scope of this phishing scheme suggests it is a second wave of attacks resulting from a breach of our competitor’s e-commerce database. Malicious actors who acquired the data from that attack are blindly targeting Ledger customers whom they presume may also own a Trezor wallet.”
Trezor advised its users against ever digitizing their recovery seed or sharing them. They should also ensure they perform every important action using their hardware wallets.
This is not the first phishing campaign that has relied on data from the July Ledger hack. In October, thousands of Ledger users were targeted by a phishing attack that many described as “really legit-looking.” The attackers told the targets that Ledger had found several of its servers to be infected with malware.
One user described the attack on Reddit, “Wow this looked really legit, so much so I used Contact Us form to ask Ledger if it was real. I am normally pretty good at sniffing things like this out – this was by far the most convincing attempt I have ever seen.”