Trezor Security Alert: Be on the lookout for unauthorized emails and persistent phishing attempts | Posted by SatoshiLabs | January 2024

SatoshiLabs
Trezor Blog

January 24, 2024: We are issuing an alert regarding a security incident involving unauthorized emails sent to our newsletter database. The email impersonated Trezor and was sent from a third-party email service provider we use.

Note: Although this incident is distinct from the one on January 17th, which involved unauthorized access to a third-party support ticketing portal we use, it is possible that we are being targeted by a large group of skilled hackers. We are closely monitoring both incidents and cannot draw any conclusions at this time.

We are continuing to investigate this issue. Below is a summary of the incident, the actions taken, and recommendations for what to do at this time.

A phishing email with the subject line ‘Assets being upgraded’ was sent to newsletter subscribers. This email was sent through a third-party email service provider we use. The phishing email encouraged users to reveal a seed phrase via a malicious link. Our team quickly disabled the link and secured our newsletter database from further unauthorized access. We confirmed that this was a standalone event that only affected email addresses in our newsletter database.

We are conducting a rigorous investigation and taking steps to limit the impact of this incident. However, the risk of phishing attacks remains high and the importance of vigilance cannot be overemphasized.

What we would like to highlight:

  • An unauthorized email was sent to users who have subscribed to the newsletter.
  • This was sent from noreply@trezor.io on January 24th with the subject “Assets being upgraded”.
  • If you have entered your recovery seed into any form, especially one linked from the email, it is important to transfer the funds to a new wallet immediately.
  • Your assets will remain safe unless you disclosed your 12-word or 24-word recovery seed through an online form.
  • The attack began by compromising the systems of a third-party service provider that Trezor used solely for newsletter email communications.
  • Users received an email from a legitimate Trezor email address with the subject line ‘Assets being upgraded’.
  • We quickly disabled the malicious links within the email and limited the threat’s reach.
  • We immediately warned our users about the scam through various channels, including our official social media channels. An email has been sent to affected users informing them of the situation.

Urgent action is required for affected users:

If you have entered your recovery seed into any form (especially one linked from the phishing email), it is important to transfer the funds to a new wallet without delay.

For detailed guidance on how to safely transfer your assets, see our Knowledge Base article.

If you need help doing this, please contact Customer Support.

If you have not encountered the suspicious email, no further action is required, but it is always a good idea to remain alert for potential phishing attacks.

If you clicked on a link in the email but did not enter your recovery seed phrase in any form, you do not need to take any action. Your funds remain safe.

Security reminder for all users

Keep your recovery seeds safe. Assets remain safe for users who have not disclosed their 12-word or 24-word recovery seed through an online form. Never share your recovery seed online.

Treat emails asking for immediate action with suspicion, especially emails asking for personal information. Cross-reference email content with official Trezor communications on our social channels.

When recovering, do not enter the recovery seed anywhere except on your Trezor device. Under no circumstances will Trezor representatives seek recovery seeds through email, customer support, website, or any form of communication.

Users who are unsure about the correct operation of their wallet are encouraged to contact support at https://trezor.io/support.

Do not share your recovery seeds with anyone. If you receive a communication asking for a seed phrase, it is most likely a phishing attempt, so please contact our official support channels.

We apologize for any concern this may have caused you. Our team is actively working on the incident and will provide further updates as needed. We will continue to work hard to further strengthen our security practices. Unfortunately, as was the case with the help desk portal incident, dependency on and governance of third-party service providers is a pervasive challenge for modern businesses.

We urge you to exercise the utmost caution with email communications purporting to be from Trezor. Your Trezor hardware wallet has not been compromised in any way and your assets will remain safe as long as the recovery seed is not revealed. Don’t share your seed phrase with anyone, and be wary of any unusual or suspicious contact attempts.

Once again, we express our deepest regret over this incident and apologize for any concerns this may have caused.

Thank you for your continued trust in Trezor.

If you have any concerns, questions, or would like to report suspicious activity, please contact our support team.

  • Is this related to the support security incident that occurred on January 17th?

The recent incident is different from the one that occurred on January 17th, which involved unauthorized access to a third-party support ticket portal we use, but we may have been targeted by skilled hackers on a larger scale. We are closely monitoring both incidents and are unable to draw any conclusions at this time.

The phishing email sent on January 24th was the result of an unauthorized individual accessing a database containing the email addresses of newsletter subscribers and sending emails using our domain through a third-party email service we use. No other data was affected. We immediately cut off access for all unauthorized actors.

  • Who was affected by this phishing attack?

This security incident affected the email addresses of all users who subscribed to our newsletter. No other data was affected.

  • Why was a phishing email sent from Trezor’s official email address?

These phishing emails were sent by unauthorized individuals who accessed our third-party email service and sent emails through it.

  • Why use a third party provider?

Although we aim to handle most of our operations internally, it is not feasible to manage every aspect of our business in-house. Unfortunately, a company of our size and global footprint must rely on third-party providers because of the challenges of operating efficiently at this scale.