Hardware cryptocurrency wallet provider Trezor has warned its users about a new phishing attack targeting their cryptocurrency investments by attempting to steal their private keys.
Trezor took to Twitter on February 28 to caution users about an active phishing attack designed to steal money from investors by making them enter the wallet recovery phrase on a fake Trezor website.
The phishing campaign involves attackers impersonating Trezor and contacting victims via phone calls, text messages, or emails claiming there has been a security breach or suspicious activity on their Trezor account.
“Trezor Suite recently suffered a security breach, assume all your assets are vulnerable,” reads the fake message, inviting users to follow a phishing link to “secure” their Trezor device.
“Please ignore these messages as they are not from Trezor,” Trezor stated on Twitter, emphasizing that the firm will never contact its clients via calls or SMS. The firm added that Trezor has not found any evidence of a database breach.
According to online reports, the latest phishing attack against Trezor clients was thrown out on February 27, and users were directed to a domain that asked to enter their recovery seed. The domain provides a perfectly designed fake Trezor website that prompts users to start protecting their wallet by clicking the “Start” button.
After clicking the “Start” button, users will be asked to provide the recovery phrase for their cryptocurrency wallet.
The wallet recovery phrase, also known as private keys, is the most important part of self-custody, or “being your own bank” by keeping your crypto in a non-custodial software or hardware wallet. The security of the recovery phrase is much more important than keeping the hardware wallet safe, and once the private keys are stolen, it means that the cryptocurrency no longer belongs to its original owner.
Related: Notorious Cryptocurrency Scammer Monkey Drainer Says They Are ‘Shutting Down’
The news came shortly after metaverse signing The Sandbox suffered a data breach on February 26, which resulted in a phishing email being sent to users.
The latest phishing attack against Trezor clients is not the first scam of its kind. Trezor wallets were also targeted by phishing attacks in April 2022, with attackers contacting Trezor users posing as the company and asking them to download a fake Trezor app.
However, such attacks are not unique to Trezor. In 2020, rival hardware wallet firm Ledger suffered a massive data breach, with attackers publicly exposing personal information of more than 270,000 Ledger customers.