After a data leak on a newsletter, the holders of a Trezor hadware wallet are the targets of a phishing attempt. This well-constructed attack could sow doubt in the mind of a potential victim, but does not question the importance of hardwares wallets.
Trezor confirms the origin of the phishing
Since this Sunday, a phishing attack is underway among users of Trezor hardware wallet. This malicious campaign has been confirmed by the company, following several questions from customers on Twitter.
The attack comes after a data leak occurred on a newsletter hosted by MailChimp. Thus, users received an email from “noreply@trezor.us” instead of the domain name “trezor.io”.
The targeted individuals receiving this email were then prompted to download an alleged update to the latest version of the Trezor Suite software, and then change their PIN. The email is very well structured and can leave room for doubt.
We do not know, at this time, if the phishing has victimized users of a Trezor hardware wallet. The company has, for the time being, suspended its newsletter while it clarifies the situation.
When fear pushes you to make mistakes
Of course, it should be noted that the security of Trezor hardwares is not in question, contrary to what this phishing attempt would have us believe.
We can only speculate what would happen if someone were to click on the link in the email. Although the purpose is most certainly to steal his cryptocurrencies in one way or another.
This attack is reminiscent of the one suffered by Ledger, almost two years ago. But in either case, these events do not detract from the effectiveness of hardwares wallets. They remain, to this day, the best alternative to protect one’s assets from a hacker who would try to take control of a computer or a wallet for example.
This type of scam often plays on fear, to push people to act in haste. If you have any doubts, social networks, and particularly those of the companies concerned, can help you. Indeed, in the case of a real security flaw, it would be in their interest to communicate it on their Twitter in particular.
