- Trezor said it had disabled the link in the malicious email.
- Trezor warns customers about a phishing attack that could lead to loss of funds.
- The phishing email, disguised as an official communication, asked users to upgrade their wallets.
In a recent post on X (formerly Twitter), cryptocurrency wallet provider Trezor alerted its customers to an ongoing phishing attack that could lead to a permanent loss of funds for victims.
“We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use,” Trezor tweeted. “If you received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: [email protected], please do not click any links or provide any info within.”
According to a snapshot shared in the tweet, the phishing email, which is disguised as an official communication from Trezor, informed customers about an upgrade for their wallet assets. The illicit actors listed Bitcoin, ETH, XRP, and ERC20 among the networks requiring an upgrade.
In the mail, recipients were warned not upgrading their wallets could lead to a loss of their funds, a tactic usually used by illicit actors to push customers to take actions that could compromise their assets.
In the tweet, which has since garnered attention, Trezor asked users not to click the links attached to the email. Furthermore, the wallet service provider warned users not to disclose their seed phrases.
According to Trezor, the phishing email came from a third-party provider and was sent using Trezor’s email domain. The main recipients of the scam email were users subscribed to Trezor’s newsletters.
Meanwhile, Trezor said it has swiftly deactivated the malicious link within the email text. Furthermore, the company reassured customers that their funds remain safe, so long as their “12 or 24-word recovery seed” were not disclosed to the illicit actors.
Indeed, this recent attack follows a security breach on Trezor’s support platform on January 21. As reported then, illicit actors managed to get access to over 60,000 contacts of Trezor’s customers’ email and personal names. Trezor said it had contacted all affected customers and confirmed there were no victims yet.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
