Trezor Wallet Alerts Of Major Crypto Phishing Campaign

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Mar 02, 2023 06:35 am PST

Trezor wallet users are the target of an ongoing phishing campaign that impersonates Trezor data breach alerts in an attempt to steal their cryptocurrency wallets and assets. Trezor is a cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed to in cloud-based or device-based wallets. Because a hardware wallet like a Trezor is not intended to be connected to your computer, using one improves protection against viruses on vulnerable devices.

Users are given a 12- or 24-word recovery seed when setting up the device. In the event that a device is stolen, lost, or malfunctions, you can use the seed to recover your wallet on a new Trezor wallet. Yet anyone with access to this seed can also use it to recover the wallet on their own devices, which makes recovery seeds a tempting target for threat actors.

Customers of Trezor started getting SMS and email scam messages on February 27th, claiming that Trezor had experienced a data breach. To safeguard their device, recipients are urged to visit a website listed in the message.

“With the recent security breach at Trezor Suite, you should consider all your valuables at risk. To protect your assets, kindly adhere to the security procedure: [phishing-site],” reads the warning about the false Trezor data breach. The countless SMS phishing texts that Mich, a security researcher, has been receiving and reporting are displayed below.

Trezor Wallet Users The Focus Of A Massive Phishing Campaign.

Visitors to the listed domain are redirected to a phony Trezor website that declares, “Your assets might be at risk!” before urging them to begin safeguarding their wallets. When users click the “Start” button, they are eventually asked to enter their recovery seed, which the threat actors then steal.

When a recovery seed is taken, it’s game over for the owner of the wallet because the threat actors will probably move any assets as soon as possible to an address under their control. It is crucial to never divulge your wallet’s recovery seeds, passwords, or phrases to anyone or enter them online.

Trezor is aware of the phishing campaign and has advised users to be wary of SMS and email phishing scams that purport to alert them to a fake data breach. The business adds that its systems have not shown any signs of a recent data compromise.

“Watch out for current phishing scams! The attackers telephone, SMS, or email the victims to inform them that their Trezor account has experienced a security breach or that there has been other unusual activity,” Trezor tweeted.

These communications should be ignored because they are not from Trezor. “No recent database breach has been proven by our research. You won’t ever receive calls or SMS messages from us.”

It is unknown how the threat actors are obtaining the phone numbers and email addresses of Trezor customers; however, it may be through a marketing list that was taken in a MailChimp data breach in March 2022.

In that breach, the threat actors stole data from 102 customers, the majority of whom were in the cryptocurrency and financial industries. In April 2022, threat actors quickly used Trezor’s marketing list to send a sizable wave of false data breach notices, which led to a website hosting a phony Trezor Suite.

This Trezor Suite would ask the user to enter their recovery seed after installation, and that seed would subsequently be sent back to the threat actors.

Even though the current phishing effort does not use phony software, the threat actors are still attempting to obtain your recovery seed. It bears repeating: never reveal your recovery seed to anyone or enter it on any website.


Cryptocurrency hardware company Trezor has acknowledged an ongoing multi-channel phishing attempt aimed at tricking users into allowing access to their wallets. In a tweet, the company issued a warning: “The attackers contact the victims by phone call, SMS, and/or email to suggest that their Trezor account has experienced a security breach or experienced unusual behavior.”

“We did not discover any proof of a recent database intrusion. You won’t ever get calls or SMS messages from us.” Trezor offers hardware-based wallets that allow consumers to store their cryptocurrencies. Although this is ostensibly a more secure technique than software-based wallets, if users are duped into giving criminals their “recovery seed,” scammers may be able to access their money. The 12- or 24-character password is designed to make it easier for customers to restore their wallet on another device if their device is lost, stolen, or malfunctions.

Jake Moore, Global Cyber Security Advisor
InfoSec Expert
March 6, 2023 10:37 am

“Wallets kept offline are often viewed as far more secure than hot wallets or exchanges. However, these wallets are far more attractive to cybercriminals due to them usually storing far more in the way of digital assets. Much like with initial banking frauds, SMS messages are a standard way to initiate communication with unsuspecting victims. When caught off guard by a legitimate-looking text message, it can be easy to be led through a series of steps in order to help “protect” funds. But if anyone is ever requested to hand over their recovery seed, alarm bells should ring and it is vital that it is not divulged, however convincing the messages are.”
