Cryptocurrency wallet provider Trezor has warned users of a phishing attack that attempts to deceive users by claiming an upgrade is required for their wallet assets.
The phishing email, posing as an official communication from Trezor, falsely informed recipients that a number of cryptocurrencies including Bitcoin (BTC) and XRP are undergoing an upgrade, prompting users to take action which could potentially lead to a compromise of their assets.
Analyzing the scam attempt
The phishing email presented itself with a sense of urgency, claiming that failure to comply with the upgrade instructions could lead to a "full funds loss."
By targeting a wide range of popular cryptocurrencies like BTC, ETH, XRP, and various token standards such as ERC20, BEP20, TRON, and TRC20, the perpetrators cast a wide net to catch as many users as possible.
The email directs users to a link that appears to belong to Trezor's official domain, a classic tactic used in phishing schemes to gain the trust of potential victims.
Trezor has since confirmed that this email was not sent from their servers and has advised users not to click on any links or provide any sensitive information.
Trezor's swift response
Trezor's rapid response included deactivating the malicious link, thus limiting the potential harm. The company clarified that the phishing email originated from a third-party provider and was sent using Trezor's email domain, which targeted their newsletter subscribers.
Trezor reassures customers that unless they have entered their recovery seed online, particularly through the link provided in the phishing email, their assets should remain secure.
For those who might have compromised their recovery seed, Trezor urges an immediate transfer of funds to a new wallet and has provided guidance for this process on their official site.
The company is now in the process of contacting all affected users and has restricted any unauthorized access to their database.
Tomiwabold Olajide
Gamza Khanzadaev
Yuri Molchan
