Rise in Phishing Campaigns Targeting Crypto Hardware Wallet Users

By: Isha Das

Users of the cryptocurrency hardware wallet, Trezor, have reported a recent surge in phishing emails directing them to fraudulent websites. Community members, concerned about potential data breaches, suggest the phishing campaigns may hint at a security compromise at Trezor or its UK distributor, Evri.

An active phishing campaign reportedly invites users to download the latest firmware for their Trezor devices, alleging a software issue the update will fix. Some users claimed to have received these malicious emails on accounts created solely for communicating with Trezor.

A known blockchain analyst has spotlighted these concerns on social media. Additionally, forums like Reddit have witnessed users voicing similar apprehensions regarding potential breaches of Trezor’s customer database.

Trezor is reportedly analyzing the situation, with the firm's brand ambassador clarifying that Trezor never requests users' recovery seeds, PINs, or passphrase. The recent phishing campaign comes on the heels of another attack last year affecting more than 100,000 Trezor users, which Trezor attributed to an insider compromising a Mailchimp-hosted newsletter database.