Trezor Support Platform Exploited in Crypto Phishing Attacks

Trezor has issued a warning to its users about a phishing campaign that exploits its automated support system to send misleading emails that appear to come from its official platform. 

The company's support website allows anyone to submit a ticket using any email address and subject. Once a ticket is submitted, the system automatically responds with a case number, using the ticket's subject line as the email subject. 

Cybercriminals are taking advantage of this setup by submitting tickets with alarming subject lines such as: "[URGENT]: vault.trezor.guide - Create a Trezor Vault now in order to secure assets who may potentially be at risk." 

Because the automated response is sent from the legitimate عنوان البريد الإلكتروني هذا محمي من روبوتات السبام. يجب عليك تفعيل الجافاسكربت لرؤيته. address, recipients may believe the message is trustworthy. However, the subject line contains a fake alert that includes a link to a phishing site. Users who click on the link are redirected to a fraudulent page that asks for their wallet’s recovery seed. 

Trezor manufactures hardware wallets, which are physical devices used to safely store cryptocurrency. These are known as "cold wallets" because they operate offline and require physical approval for transactions. 

Each Trezor wallet is protected by a 24-word recovery seed, which serves as a master key. If someone else obtains this seed phrase, they can restore the wallet on another device and gain full access to its contents. 

Trezor emphasized in its statement that users should never share their recovery seed with anyone, under any circumstances. 

The company also confirmed that it is working on new security measures to prevent this kind of abuse in the future. 

This is not the first time Trezor’s support systems have been misused to target cryptocurrency holders. In April 2022, attackers exploited a breach at email marketing provider MailChimp to send phishing messages to Trezor users. In February 2023, another large-scale phishing campaign impersonated Trezor and sent fake emails and SMS messages urging users to visit malicious websites. 

In January 2024, Trezor disclosed a data breach involving unauthorized access to its third-party support portal, which exposed the personal information of approximately 66,000 users who had contacted support since late 2021. 

Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.