Trezor, the popular hardware wallet provider, recently verified that the source of a series of harmful emails sent to users in the past 12 hours was an unauthorized use of its third-party email provider. The company detected an unauthorized email posing as Trezor, originating through a third-party email service they employ. The deceptive email, sent by noreply trezor.io, prompts users to update their network to avoid fund loss, providing a harmful link that leads to a webpage asking for their seed phrase.
A Seed Of Evil
While Trezor has not confirmed any fund losses via the phishing attempt, it successfully deactivated the malicious link, ensuring user funds are secure unless the recovery seed was entered. For those who entered their seed phrase though, Trezor advises an immediate fund transfer to a new wallet. The investigation also revealed an unauthorized person accessed the email database of newsletter subscribers, utilizing the third-party email service employed by Trezor to send the deceptive emails.
Notably, various experts believe that a recent cybersecurity incident involving MailerLite on January 23rd, 2024, resulting in phishing emails with branded domains, including those of Cointelegraph, WalletConnect, and Token Terminal, may indeed be connected to this attack.
Damage Control
Although it remains unclear whether Trezor uses the same email domain provider, losses exceeding $3.3 million have occurred due to these phishing attacks. Some speculate the recent assault might be linked to the security breach of the Trezor support portal on January 17th, 2024, exposing contact details of nearly 66,000 users.
On January 24th, digital asset lawyer Joe Carlasare described the phishing email as a sophisticated scam after personally receiving it. Trezor had cautioned users about a phishing attack last year, and in May, cybersecurity firm Kaspersky observed a fake hardware wallet impersonating Trezor in the market, attempting to steal funds through a manipulated microcontroller, taking control of user private keys.