Hardware wallet provider Trezor has explained the malicious emails sent to its users.
In a post to X, Trezor explained that it had discovered an unauthorized email impersonating the Trezor team from a third-party email provider it uses.
The malicious email, sent from the address “[email protected],” asks users to upgrade their “network” or face the loss of their funds, providing them with a malicious link leading to a web page where they must enter their seed phrase.
— Trezor (@Trezor) January 24, 2024🚨 Security Alert 🚨
We've detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.
If you received a suspicious email with the subject line 'Assets undergoing upgrade' from the ID: [email protected], please do not click any links or… pic.twitter.com/RqQnQkB4hX
Trezor found that an unauthorized person had accessed the newsletter subscriber email address database and used a third-party email service to send a malicious email.
The project team has already managed to “deactivate the malicious link” and stated that the user’s funds will remain safe unless they enter their recovery seed.
— Trezor (@Trezor) January 24, 2024The unauthorized email impersonating Trezor using our domain addressed subscribers to our newsletter.
If you have not disclosed your 12 or 24-word recovery seed through any online form, your assets remain secure.
If you have entered your recovery seed in any form, particularly…
It is noteworthy that attackers took advantage of a vulnerability in the MailerLite digital marketing platform just a few days before the incident. Posing as well-known cryptocurrency companies, unknown people were able to steal about $600,000. The scammers pretended to be representatives of CoinTelegraph, Token Terminal, Wallet Connect, and De.Fi in emails. The emails contained malicious links leading to sites created to steal crypto assets.