Trezor Investigates Data Violations Due To Phishing Attacks

Trezor investigations phishing fraud. (Photo; Doc. Trezor)

JAKARTA - The company providing physical crypto wallets or hardware wallets, Trezor, is currently investigating potential data breaches due to phishing attacks via email that have been rampant lately.

For information, phishing is a form of cyberattack used by fraudsters to obtain victim's personal information by posing as a well-known company. They send fake messages or emails, often imitating banks or online service providers, which direct victims to mock websites to steal passwords, credit card numbers, or other important data.

On October 26, anonymous blockchain investigator ZachXBT reported a phishing attack targeting Trezor users via its Telegram channel. ZachXBT cites a post on platform X (formerly Twitter) from the JHDN account, expressing concerns that Trezor may have suffered a data breach.

This concern arose after the user received a phishing email sent to a special email address used to purchase Trezor wallets, which raised concerns about a possible compromise of user data.

Users report receiving phishing emails that encourage them to install apps from 'trezor.us,' domains that differ from the official domain 'trezor.io.'

Knowing this, Trezor immediately investigated this illegal act until there was further notification. Trezor product users are advised not to click on links from unofficial sources in order to maintain the security of their assets. Trezor Brand Ambassador Josef Tetek confirmed the importance of user awareness regarding this phishing attack and detailed the company's efforts to counter this fraudulent act.

Trezor actively reports fake websites, contacts domain registrars, and educates users about potential risks associated with phishing attacks.

"Users should not include their recovery phrase (seed phase) directly to any website or mobile app or type it on a computer. The safe way is in accordance with the instructions shown on Trezor's connected crypto wallet," said Josef Tetek.

In a blog post in 2022, Trezor highlighted the modus operandi of fraud via phishing emails. Usually, this scam involves users who click on links in emails, which directs them to fake Trezor Suite apps.

This fake app then asks users to connect their wallets and enter the seed phase. Once the seed phase is entered into the app, its security is threatened, allowing fraudsters to quickly transfer funds to their wallets.

Although hardware-based wallets like Trezor are known for their security features, phishing remains a huge threat in the crypto space, as it can trick users into compromising their wallets or personal keys.

Trezor has faced many phishing attacks over the years. The company routinely blacklists a number of fraudulent sites on the real-time blacklist.

Trezor also provides guidance to users on how to identify scams. The crypto wallet company warned their users about phishing attacks designed to steal their personal keys.

Earlier this year, Trezor used his X account to alert users about an active phishing attack designed to steal investors' money by getting them to include the phrase wallet recovery on fake websites.

Not Only Trezor

According to a number of cybersecurity reports, the number of crypto phishing attacks jumped 40% in 2022. hardware wallet users are expected to anticipate phishing scams so as not to click on links sent by the perpetrator via email.

In 2020, another crypto storage device company, Ledger, experienced a similar attack in which fraudsters disclosed the personal information of Ledger users on a large scale. More than 270,000 Ledger user data were stolen.

Then in September, a large crypto owner fell victim to a phishing attack and had to lose millions of dollars in Ether installed on liquid staking provider Rocket Pool.

Investors lost all their Lido ETH (SteTH) and Rocket Pool ETH (RETH) staking addresses balances. At the time of the attack, the stolen amount was worth 15.5 million US dollars (Rp246 billion) in STETH and 8.5 million US dollars (Rp135 billion) in RETH.

Phishing attacks are usually carried out through a number of channels, such as email, SMS, or social media, so it is important for everyone to always be vigilant and not disclose personal information to suspicious parties.