Trezor wallet users became victims of a phishing attack, according to an official tweet by the company on April 3rd. Users received emails that impersonated Trezor and SatoshiLabs, urging them to download a new Trezor Suite app. The incident closely resembles what happened last year to Trezor’s main competitor, Ledger.
Trezor is one of the most popular cryptocurrency hardware wallets. A hardware wallet is the most secure type of cryptocurrency wallet. Consequently, many users are wondering whether the attack indicates a security breach at Trezor.
Is the Trezor hardware wallet breached?
Short answer: No… So, what happened?
Trezor regularly sends out newsletters through the Mailchimp email marketing service. A malicious party from Mailchimp gained access to the Trezor mailing list and sent out an email impersonating the Trezor team. The email stated that, due to a security breach, users’ funds were in danger. It therefore urged users to download a fake version of Trezor Suite and enter their seed phrase.
Any party that gains access to a user’s seed phrase is able to steal the digital funds held in the wallet. The seed phrase is usually a 12- or 24-word mnemonic phrase that allows the user to access a cryptocurrency wallet and spend funds.
The Trezor team soon managed to take the phishing domain offline and stated that they will stop sending newsletters until the incident is resolved. The team also warned users to not open any emails coming from the address [email protected].
The fake version of Trezor Suite looked similar to the original one. In addition, it included a warning for users to not enter their recovery seed due to recent phishing attacks! This made many users believe that the version was legitimate.
How can I protect myself from a phishing attack?
There are multiple security practices that a user can follow to minimize the chances of becoming a phishing attack victim. Trezor advised users to use anonymous email addresses for their crypto activities. Furthermore, when users receive an email from a crypto company, they should check it for suspicious domains and verify that every domain matches the company’s original domains. In the case of the Trezor phishing attack, the email included a link to download the new version. Trezor’s security practices include a rule to never include links within their emails.
Emails coming from crypto companies should always be treated as suspicious, especially when they include links to download “new” software.
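The domain check described above can be automated. The following is an added example, not code from Trezor or from this article; it assumes trezor.io is the only official domain, and the sample message, its sender and its URLs are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the only domain the recipient trusts for this vendor.
OFFICIAL_DOMAINS = {"trezor.io"}

# Constructed sample message; sender, hosts and paths are invented.
SAMPLE_EMAIL = """\
From: Trezor <noreply@trezor.example>
Subject: Security incident
Content-Type: text/html; charset=utf-8

<p>Download <a href="https://suite.xn--trzor-abc.example/download">Trezor Suite</a></p>
<p>Docs: <a href="https://trezor.io/learn">trezor.io/learn</a></p>
<p><a href="https://trezor.io.updates.example/suite">Mirror</a></p>
"""

def classify(host):
    """Label a hostname relative to the official domain list."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Internationalized labels can render almost identically to the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike-idn"
    # Official name used as a subdomain prefix of an unrelated domain.
    if any(d in host for d in OFFICIAL_DOMAINS):
        return "embeds-official-name"
    return "unknown"

def review(raw_email):
    """Return (sender domain verdict, {link host: verdict}) for one message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', msg.get_payload(), re.I)
    hosts = [urlsplit(h).hostname or "" for h in hrefs]
    return classify(sender), {h: classify(h) for h in hosts}

if __name__ == "__main__":
    sender_verdict, links = review(SAMPLE_EMAIL)
    print("sender:", sender_verdict)
    for host, verdict in links.items():
        print(f"{verdict:22} {host}")
```

Anything other than "official" is a reason to stop and reach the vendor through a bookmarked address instead of the email link.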
Users should be aware that, due to the structure of hardware wallets, a breach could not technically compromise the individual devices of users. In a hardware wallet, transaction signing occurs on the device, and no data about private keys is communicated online. Users enter the seed phrase on the screen of the hardware wallet. The purpose of a hardware wallet is that the recovery seed is never typed into any other device, including a website, an online link or another application.
A notable method to hide your true identity and gain protection from data breaches and spam is the concept of Burner Emails. Burner Emails enable the creation of a random email address for every form a user submits online. All emails are forwarded to the user’s personal email address. A popular Burner Emails service is burnermail.