A new phishing campaign has been discovered targeting users of cryptocurrency hardware wallet firm Trezor.
These wallets keep a user's private keys offline, instead of in a "hot wallet" (a mobile or desktop app) or with a third party (an exchange, a custody service, or a lending/borrowing firm). Hardware wallets, also known as "cold wallets", are generally considered a more secure way to store cryptocurrencies than the alternatives.
That also means that anyone who is serious about cryptocurrencies (and holds a lot of value) is likely to keep them in cold storage, making Trezor users an attractive target for cybercriminals.
“Securing” a broken wallet
In this new campaign, Trezor users began receiving SMS messages warning them of a "data breach" at the company and urging them to "secure" their devices immediately. The SMS message also contains a hyperlink that recipients are told to visit.
"Trezor Suite has recently suffered a security breach, consider all your assets vulnerable. Please follow the security procedure to secure your assets: [link]," the message read.
Anyone who visits the link sees a fake Trezor website with the message "Your assets may be at risk!" and a Start button that supposedly lets users "secure" their assets. The first step in this process is to enter the recovery seed.
The recovery seed, usually a set of 12 or 24 words, is used to restore a wallet if the original device is lost, stolen or destroyed. Anyone who knows the seed words can restore the wallet and gain full control of the funds, so a victim who types them into the phishing page is handing the attackers the keys to their wallet, which the attackers can then drain at their leisure. The tell here is the request itself: Trezor never asks users to type their recovery seed into a website, and no legitimate "security procedure" sent by SMS or email will either.
Trezor was alerted to the new campaign and took to Twitter to warn its customers that it was being impersonated and not to fall for the trick. The company also said it was not aware of any new data breach, so the attackers likely obtained Trezor users' contact details in the earlier MailChimp incident.
Via: BleepingComputer