Hardware cryptocurrency wallet Trezor had its automated support system exploited to facilitate cryptocurrency theft as part of a new phishing campaign, according to BleepingComputer.
Malicious actors have abused Trezor's contact form to deliver phishing emails requiring urgent action on accounts that included a domain, which redirected to a fraudulent page seeking the targets' wallet seed phrases that could then be used to access their crypto assets, said Trezor in an alert. All users have been urged to keep their wallet seeds to themselves, as the firm noted ongoing efforts to adopt defenses that would curb similar attacks. Such a development comes more than a year after Trezor had data from almost 66,000 users compromised following the breach of its third-party support ticketing portal. Trezor users have also been subjected to separate phishing attacks in April 2022 and February 2023, with the former stemming from the breach of email marketing company MailChimp.
Malicious actors have abused Trezor's contact form to deliver phishing emails requiring urgent action on accounts that included a domain, which redirected to a fraudulent page seeking the targets' wallet seed phrases that could then be used to access their crypto assets, said Trezor in an alert. All users have been urged to keep their wallet seeds to themselves, as the firm noted ongoing efforts to adopt defenses that would curb similar attacks. Such a development comes more than a year after Trezor had data from almost 66,000 users compromised following the breach of its third-party support ticketing portal. Trezor users have also been subjected to separate phishing attacks in April 2022 and February 2023, with the former stemming from the breach of email marketing company MailChimp.
