Connect with us

Hi, what are you looking for?

Editor's Pick

Trezor Confirms Unauthorized Use of Email Provider Led to Malicious Emails

Hardware wallet provider Trezor has confirmed that the unauthorized use of its third-party email provider led to a spate of malicious emails sent to users over the past 12 hours.

In a statement released on January 24, Trezor disclosed that it had detected an unauthorized email impersonating the company, which was sent from a third-party email provider they utilize.

The malicious email, originating from the address “noreply@trezor.io,” instructed users to upgrade their “network” or risk losing their funds.

It included a link that directed recipients to a webpage where they were prompted to enter their seed phrase.

Trezor has not confirmed any cases of users losing funds as a result of this phishing attempt, and there have been no reports suggesting that Trezor users fell victim to the scam.

Security Alert

We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.

If you received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: noreply@trezor.io, please do not click any links or… pic.twitter.com/RqQnQkB4hX

— Trezor (@Trezor) January 24, 2024

Trezor Says it Has Deactivated the Malicious Link

Trezor assured its users that it had successfully deactivated the malicious link and emphasized that user funds remained safe as long as the recovery seed was not entered.

“We swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat!”

However, for those who did enter their recovery seed, Trezor asked them to transfer their funds to a new wallet immediately.

Trezor’s ongoing investigation indicates that an unauthorized individual gained access to its database of email addresses for newsletter subscribers and utilized a third-party email service to send the malicious emails.

Notably, MailerLite, an email marketing software firm, recently reported a cybersecurity incident on January 23, which resulted in a series of phishing emails exploiting branded domains, including those owned by Cointelegraph, WalletConnect, and Token Terminal.

Whether Trezor utilizes the same email domain provider remains unclear.

Digital asset lawyer Joe Carlasare shared his personal experience of receiving the phishing email in a post, describing it as a “sophisticated scam.”

Sophisticated scam right here pic.twitter.com/Sys5gcpeC1

— Joe Carlasare (@JoeCarlasare) January 24, 2024

Recent Hack Might be Linked to Breach of Support Portal

Some speculate that this recent attack may be linked to a security breach of Trezor’s support portal in which the contact information of approximately 66,000 users was exposed on January 17.

Despite the breach, the company emphasized that no recovery seed phrases were disclosed as a result of the incident.

At the time, the hardware wallet provider also said it has restricted access to unauthorized actors and has been in the process of contacting the affected users.

It is worth noting that this is not the first time Trezor has faced attempts to compromise user funds.

While being a reputable name in the cryptocurrency hardware wallet industry, Trezor has faced its fair share of security challenges over the years.

In February of the previous year, Trezor warned users about a phishing attack that aimed to steal investor funds by tricking them into entering their recovery phrase on a fake Trezor website.

Additionally, in May, cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as Trezor.

This fraudulent device utilized a replaced microcontroller to gain control of a user’s private keys, enabling the scammers to steal funds.

The post Trezor Confirms Unauthorized Use of Email Provider Led to Malicious Emails appeared first on Cryptonews.

You May Also Like

Economy

How can Forex crash? Forex market crash history Fact that the Forex is one of the most volatile and most profitable markets in the...

Editor's Pick

As decentralized naming systems gain traction, Ethereum Name Service has seen ENS price double, leaving some FOMO investors asking is it too late to...

Editor's Pick

Colorado-based pastor Eligio “Eli” Regalado and his wife, Kaitlyn, are facing legal action after allegedly defrauding investors of millions of dollars through the sale...

Stock

Enthusiasm is needed to drive an uptrend, but sometimes enthusiasm can go too far. That is why technical analysts like to use various sentiment...

Disclaimer: happyretirementstories.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


Copyright © 2024 happyretirementstories.com