In an advanced announcement, Trezor, the leading crypto hardware wallet provider in Prague, has revealed plans to investigate a phishing campaign targeting its customers.

The report demonstrated that Trezor users have been receiving phishing emails that lured them to download a suspicious link for buying a wallet. The phishing attack was brought to light by ZachXBT, a renowned blockchain investigator. 

Trezor Suffers a Phishing Attack

In an October 26 report, ZackXBT warned the Trezor customers to avoid falling into the scammers’ trap. Citing an X post from one of the affected customers, ZackXBT noted that the attackers were sending phishing emails to deceive the users while purchasing digital wallets. 

The ZackXBT team noted that the recent phishing emails mirror a malicious attack that occurred in March. In a past incident, the hackers introduced a phishing email to trick the Trezor user into sharing the recovery phrases. 

Also, the bad players had developed a fake Trezor website, deceiving the users to disclose their private keys. In the email, the attackers purported to work for Trezor and were fixing a software bug. They encourage the users to download a suspicious link only to steal their login details. 

The ZachXBT team warned the public from downloading the phishing email linked to the Trezor purchases. The blockchain firm noted that the social media alerts aimed at informing the public on the possible data breach on Trezor. 

Impact of Phishing Attack

The ZachXBT report demonstrated that Trezor’s malicious attack could impact data breaches to its UK business partner Evri. Besides the warning, ZachXBT observed that two Reddit users reported the Trezor incident. 

The ZachXBT report and the social media posts concerning the Trezor attack have forced the company to take preventive actions. An announcement conveyed by Trezor brand ambassador Josef Tetek revealed that the company was aware of the ongoing phishing attack. 

The executive stated that the Trezor team has actively been informing the public about fake websites and domains. Tetek admitted that Trezor has been educating the customers on the risks associated with cybercrime. 

Trezor Takes Preventive Measures to Address Phishing Attacks

He stated that the blockchain firm has developed multiple educational materials to educate users on effective ways to address phishing attacks.

A review of the Trezor publication demonstrates that most phishing emails mandate the users to download fake Trezor suites that require the customers to sign in to their wallets to proceed with the subsequent steps. 

He noted that attackers aim at exploiting the seed phrases provided by the users after logging into the application. After obtaining the user’s login details, the bad actors access the application to transfer the available funds to their external wallets. 

Tetek noted that at no point will Trezor request the user to provide a seed phrase or pin. He urged users to avoid sharing their recovery seed with any website or application. 

Tetek requested the users to follow Trezor instructions before proceeding with any transaction involving the recovery seed. The official stated that the hackers have occasionally launched phishing attacks on Trezor platform.