Security News > 2022 > April > Fake Trezor data breach emails used to steal cryptocurrency wallets

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.

Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

Starting today, Trezor hardware wallet owners began receiving data breach notifications prompting recipients to download a fake Trezor Suite software that would steal their recovery seeds.

The phishing attack started with the Trezor hardware wallet owners receiving fake security incident emails claiming to be a data breach notification.

"We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-email address [email here] is within those affected by the breach.," reads fake Trezor data breach phishing email.

These fake data breach emails say that the company does not know the extent of the breach and that owners should download the latest Trezor Suite to set up a new PIN on their hardware wallet.

News URL

https://www.bleepingcomputer.com/news/security/fake-trezor-data-breach-emails-used-to-steal-cryptocurrency-wallets/