Trezor, known for providing hardware wallet services, has revealed that someone gained unauthorized access to its third-party email service and sent a slew of malicious emails to its customer base in the last 24 hours.
The news comes on the heels of another recent incident in which Mailerlite reported that hackers gained access to selected Web3 accounts and used them to send phishing emails to unsuspecting subscribers, an exploit in which $3.3 million was stolen.
The hackers accessed the Web3 accounts after tricking a Mailerlite customer service employee into divulging the information needed to access them.
In this scenario, the hackers also attempted to send phishing emails to Trezor’s customers; however, as of now, the company hasn’t confirmed whether they managed to steal anything from anyone.
On January 24, the hardware wallet provider said: “We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.”
But what was the attacker’s plan of action in this case? The attacker sent malicious emails from the address noreply@trezor.io that directed users to an offer to upgrade their network in order to avoid losing funds from their accounts.
The email included a malicious link that, when clicked, would have taken users to a webpage prompting them to enter their seed phrase. Anyone who obtains a user’s seed phrase can access that user’s wallet and siphon off its funds, essentially wiping it clean.
On a positive note, however, the hardware wallet provider confirmed that no one has yet come forward reporting any loss of funds from their account, nor has anyone on social media platforms like X (formerly Twitter) come forward with a claim of their assets being stolen.
To ensure that no one else falls victim to this attack, the company confirmed that it had managed to deactivate the malicious link and assured users that their funds were safe if they hadn’t given away their recovery seed.
However, the firm has urged anyone unfortunate enough to have given away their seed phrase to transfer their funds to a new wallet immediately to avoid losing them.
The firm’s investigation suggests that an unauthorized person gained access to the database containing the email addresses of its newsletter subscribers. Subsequently, this individual employed a third-party email service to send the malicious emails.
Some people suspect that the same individual or group is behind both the Trezor incident and the Mailerlite exploit. The pattern followed in this case is similar to the Mailerlite scenario.
That exploit resulted in the official accounts of WalletConnect, Token Terminal, and De.Fi being compromised; the hackers then sent malicious emails from those accounts to their subscribers and managed to get hold of $3.3 million in stolen assets.
However, no one, including Trezor, has yet confirmed whether they use the same email domain provider.
The other more plausible scenario is that this incident is related to the security breach of Trezor’s support portal, which occurred on January 17 and resulted in the contact information of approximately 66,000 users being exposed to the public.
The company revealed that unauthorized access to a third-party support portal was identified on January 17, potentially affecting users who interacted with Trezor’s support team since December 2021.
Although no funds were compromised, 41 users received phishing emails, and eight on a trial discussion platform had their details compromised.
Trezor emphasized that no recovery seed phrases were disclosed, and affected users were promptly notified.
These two recent incidents add to the similar situations the firm has faced over the past year. In February 2023, it warned users about a phishing attack aimed at extracting investor funds.
The attack tricked users into entering their wallet’s recovery phrase on a fraudulent firm’s website. Subsequently, in May of the same year, cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as Trezor.
The scammers behind this scheme tried to steal funds by replacing the device’s microcontroller, effectively gaining control over users’ private keys, as detailed by the security firm.
Some users have reported receiving emails that made them concerned they were being targeted in a phishing scam.
Joe Carlasare, a digital asset lawyer, disclosed in a post on January 24 that he had encountered a phishing email, characterizing it as an advanced and well-crafted scam.