Hardware crypto wallet manufacturer Trezor issued a public statement addressing a security incident involving its customer support contact system, highlighting that attackers exploited the auto-reply mechanism to send phishing emails.
Phishing Emails Through Contact Form
Trezor confirmed that no unauthorized access to user data occurred. Attackers used actual user email addresses to submit fraudulent queries through the public contact form. In return, they received automatic emails that appeared as legitimate support messages.
Trezor clarified: "There was no email breach. Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message."
Trezor's User Warnings
In response to user inquiries about the incident, Trezor warned against phishing tactics. The company emphasized that users should never share their wallet backups, as this would give scammers full control over their funds.
"Requests for your wallet backup, passwords, or 2FA codes are clear red flags of a scam," the company noted. Trezor also urged users to keep software updated and to be vigilant regarding all communications.
Rise in Cyber Attacks in June
The Trezor incident coincided with a surge in cyber attacks, particularly by the hacking group Predatory Sparrow, which has claimed responsibility for multiple attacks on Iranian targets, including financial institutions and cryptocurrency exchanges. This has raised concern among cryptocurrency wallet users regarding increasing cyber threats.
The phishing incident involving Trezor serves as a crucial reminder of the importance of security measures in the cryptocurrency space, especially when using hardware wallets.
