Trezor Users Report New Phishing Emails Few Days After Support Portal Breach

Hardware wallet provider Trezor has confirmed unauthorized use of its third-party email provider has been behind a spate of phishing emails sent to users over the past 12 hours.

UPDATE – We swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat!

— Trezor (@Trezor) January 24, 2024

This is coming a few days after Trezor reported a support portal breach.

“We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use,” the hardware wallet provider explained on Jan. 24.

“Please do not click any links or provide any info within,” the email, Trezor stressed.

🚨 Security Alert 🚨

We've detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.

If you received a suspicious email with the subject line 'Assets undergoing upgrade' from the ID: noreply@trezor.io, please do not click any links or… pic.twitter.com/RqQnQkB4hX

— Trezor (@Trezor) January 24, 2024

The malicious email, sent from “noreply@trezor.io” instructs users to upgrade their “network” or face losing their funds, providing them with a malicious link that leads to a webpage to have them enter their seed phrase.

See Also: Trezor Hardware Wallet Provider Suffers Security Breach; Says Over 66,000 Accounts Affected

Trezor hasn’t confirmed whether any users lost funds from the phishing attempt, nor has Cointelegraph seen any X posts suggesting a Trezor user has fallen victim to the scam.

However, Trezor confirmed it managed to “deactivate the malicious link,” and said user funds remain safe as long as the user didn’t enter their recovery seed. For those that did, Trezor urges users to transfer their funds to a new wallet immediately.

Hi Shane, clicking the link does not cause any harm. The link leads to a form to which your are prompted to enter your recovery seed. If you did not enter your seed online, your wallet remains safe.

— Trezor (@Trezor) January 24, 2024

Trezor said its investigation so far points to an unauthorized individual accessing its database of email addresses for its newsletter subscribers and using a third-party email service that Trezor uses to send the malicious email.

Interestingly, only days earlier, email marketing software firm MailerLite confirmed a cybersecurity incident on Jan. 23, which led to a string of phishing emails using branded domains, including those owned by Cointelegraph, WalletConnect, and Token Terminal. 

The attacks have resulted in losses of over $3.3 million via phishing attacks. However, it is not clear whether Trezor uses the same email domain provider.

Others believe the recent attack is related to a recent security breach of Trezor’s support portal, which had exposed the contact information of nearly 66,000 users on Jan. 17.

BREAKING 🚨 NEWS : Trezor support portal breached, phishing emails circulating. pic.twitter.com/1GJFAyeRms

— Jason A. Williams (@GoingParabolic) January 24, 2024

“No other data were compromised. We immediately restricted access to all unauthorized actors and are now contacting all affected users,” Trezor said at the time.

See Also: Trezor Security Breach: Only User Data Are Exposed, Digital Assets Are Safe

Digital asset lawyer Joe Carlasare revealed he personally received the phishing email in a Jan. 24 X post, describing it as a “sophisticated scam.”

Sophisticated scam right here pic.twitter.com/Sys5gcpeC1

— Joe Carlasare (@JoeCarlasare) January 24, 2024

In February last year, Trezor cautioned users about a phishing attack designed to steal investor funds by making them enter the wallet’s recovery phrase on a fake Trezor website.

A few months later, in May, cybersecurity firm Kaspersky observed that a fake hardware wallet impersonating Trezor had hit the market. The fraudsters would then attempt to steal funds via a replaced microcontroller, which enabled them to take over control of a user’s private keys, the security firm explained.