The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend. The Trezor team says “signs point toward DNS poisoning or BGP hijacking” as the means by which attackers hijacked legitimate traffic meant for the official wallet.trezor.io domain and redirected those users to a malicious server hosting a fake website. An investigation is still underway to determine the exact cause. Tim Helming, Director of Product Management at DomainTools, commented below.
Tim Helming, Director of Product Management at DomainTools:
“This is a classic phishing attack, targeting the incredibly lucrative cryptocurrency market. Because of the inherent characteristics of how cryptocurrencies work, the coins the cybercriminals were trying to access are particularly difficult to trace. We can learn a lot about how to spot a phishing attack from this; Trezor picked up on inaccurate wording on the phishing site, and the fact that they wanted users to send a copy of their recovery seed. This shows us that the more detailed our examination of a website – from domain, wording, layout, and other such cues – the better our chances of identifying a phishing site before it is too late.”