Trezor, a hardware wallet provider, has confirmed that a series of malicious emails sent to users in the past 12 hours were the result of unauthorized use of its third-party email provider. The phishing emails impersonating Trezor urge recipients to upgrade their "network" or risk losing their funds. They provide a malicious link leading to a webpage requesting the user's seed phrase. Trezor has not confirmed any fund losses due to the phishing attempt, but it managed to deactivate the malicious link. Users who entered their recovery seed are advised to transfer their funds to a new wallet immediately.
Trezor's investigation suggests that an unauthorized individual gained access to its database of email addresses for newsletter subscribers and used a third-party email service also utilized by Trezor to send the malicious emails. Some speculate that this recent attack is linked to a security breach of Trezor's support portal on January 17, which exposed the contact information of nearly 66,000 users. Trezor has emphasized that no other data were compromised, and they have taken immediate action to restrict unauthorized access and contact affected users.
Digital asset lawyer Joe Carlasare described the phishing email as a "sophisticated scam" after receiving it personally. Trezor has previously cautioned users about phishing attacks aiming to steal their funds by tricking them into entering their wallet's recovery phrase on a fake Trezor website. In May, cybersecurity firm Kaspersky reported a fake hardware wallet impersonating Trezor in the market, attempting to steal funds through a replaced microcontroller, giving fraudsters control over users' private keys.