BlocksInform
Cryptocurrency hardware wallet vendor TREZOR warned its users of a new phishing attack targeting their investments in crypto by trying to steal their private keys.
Trezor has been on Twitter since February. 28 to caution users about an active phishing attack designed to steal investors’ money by making them enter the wallet’s recovery phrase on a fake Trezor website.
The phishing campaign involves attackers pretending to be Trezor and communicating with the victims by telephone, text messages or emails alleging a security breach or suspicious activity on their Trezor account.
"Trezor Suite was recently breached, Assume that all of your assets are vulnerable.", Prompting users to use a phishing link to "secure" their Trezor device.
"Please ignore these messages because they are not from Trezor," Trezor said on Twitter, pointing out that the company will never contact its customers via calls or text messages. The company added that trezor found no evidence of an infringement of the database.
According to online reports, the latest phishing attack against Trezor customers was launched on Feb. 27, with users being directed to a domain asking to enter their recovery seed. The domain provides a perfect trezor fake website that invites users to start securing their portfolio by clicking on the "start" button.
After clicking on the "Start" button, users will be prompted to provide the retrieval sentence for their cryptocurrency portfolio.
The phrase for retrieving the portfolio, also known by the name of private keys, is the largest part of self-confidence, or "be your own bank" by keeping your cryptography on a free-custody software or hardware portfolio. The safety of the recovery phrase is way more important than keeping the hardware wallet safe, and once the private keys are stolen, it means that crypto holdings no longer belong to their original owner.
Related: Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’
The news came shortly after metaverse firm The Sandbox suffered a data breach on Feb. 26, that resulted in a phishing email sent to users.
The latest phishing attack on trezor clients is not the first such scam. Trezor wallets were also targeted with phishing attacks in April 2022, with attackers contacting Trezor users posing as the company, asking them to download a fake Trezor app.
Attacks of this kind are not exclusive to trezor, however. In 2020, rival hardware wallet firm Ledger suffered a massive data breach, with attackers publicly exposing personal information of more than 270,000 LEDGER customers.
