Trezor Warns Wallet Users of Phishing Attack Linked to Ledger Hack

The creators of hardware wallet, Trezor have issued an urgent alert, saying that a Phishing Phishing Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno Read this Term attack against some of its users has occurred over the last few days. Trezor team said that a number of its customers received fake communications regarding their hardware wallets.

The crypto wallet provider confirmed that its customer data has not been leaked. Instead, Trezor suggests that attackers appear to be using data obtained from the hack of a competitor’s e-commerce database. It added that the timing and scope of this phishing scheme suggest that the hackers who obtained the data are blindly sending texts to customers, and created phishing links for them to enter their seeds.

Trezor is apparently referring to cryptocurrency hardware wallet firm, Ledger, which was hacked in June when attackers managed to break into their database and steal data belonging to roughly a million customers. The information exposed to hackers included names, shipping addresses and phone numbers.

“The attackers may have bought competitors’ customer data from a dark market, where breached data is often sold, allowing them to send malicious links to any contacts listed in that data. The scammer is sending links to a fake version of the Trezor website, a replica of wallet.trezor.io, which has been modified to ask visitors for their recovery seed, completely exposing their coins. Once the user enters their seed on the fake webpage, the attacker simply replicates their wallet and sends the funds to an address they own,” the crypto firm further explains.

Trezor Plays Down the Risks

Moreover, Trezor makes clear that it will never ask for important information such as recovery seed, identification numbers or passwords over text messages. To help in securing users against possible breaches of data, Trezor added they routinely anonymize all customer data and remove all records from its e-commerce system after 90 days of placement orders.

Open a Trading Account Today With These Recommended Brokers

While hardware wallets are often used as a Cold Storage Cold Storage Cold storage is a computer system or mode of operation that is designed for the retention of inactive data, in this case private keys for cryptocurrencies. This helps put up resilient barriers against theft by hackers and malware, and is often a necessary security protocol especially dealing with large amounts of Bitcoin.In order to “own” a cryptocurrency, one must be in control of a cryptocurrency’s private keys. As such, private keys are long strings of random characters that can be used to se Cold storage is a computer system or mode of operation that is designed for the retention of inactive data, in this case private keys for cryptocurrencies. This helps put up resilient barriers against theft by hackers and malware, and is often a necessary security protocol especially dealing with large amounts of Bitcoin.In order to “own” a cryptocurrency, one must be in control of a cryptocurrency’s private keys. As such, private keys are long strings of random characters that can be used to se Read this Term method, they are not exempt from data breaches. Earlier this year, Kraken Security Labs disclosed a glaring flaw in the Trezor’s flagship hardware wallets, which allows attackers to steal the data stored within the devices.

Kraken cybersecurity researchers claim that the physical theft of encrypted seed can happen within 15 minutes of gaining access to the crypto wallet. While this flaw could only be exploited if there is physical access to the device, Kraken noted that it could only be fixed by overhauling the underlying design of Trezor’s products.

Trezor’s response was to point out that they are aware of this voltage glitching in the STM32 microchip, which allows an attacker with specialized hardware knowledge to obtain the encrypted recovery seed from the device.

More interestingly, Trezor attempted to underplay the significance of the issue, saying that the main threat and concern for crypto users were online and remote attacks, adding that any hardware is hackable.