Phishing attacks have already proven to be a danger for all types of PC users in 2022, but they are especially rampant in crypto and NFT spaces. We’ve seen scammers use Discord to try to steal cryptocurrencies, and NFT owners tricked by an OpenSea phishing scam.
Now, cryptocurrency wallet provider Trezor has found its users under attack. As reported by Bleeping Computer, Trezor’s mailing list was used to target users and trick them into downloading a fake version of its software, designed to steal their crypto assets.
Trezor’s original software is open source, so the code is available for anyone to download and, as in this case, modify. The counterfeit version is likely only very slightly altered from the original, as it still carries the Trezor banner warning customers to beware of phishing scams.
Once downloaded, the software asks for a recovery phrase that would have been set by the user when setting up their wallet for the first time. This recovery phrase acts as a key to get back to the wallet if lost. Once the user enters the key, the game is over. The recovery phrase is sent back to the scammers who can now claim all their crypto assets for themselves.
It goes without saying that you should always be incredibly careful when using recovery keys for anything online. With phishing scams so sophisticated, it can be incredibly difficult to tell a legitimate website or program from a fake one. Even the websites associated with downloading this particular scam looked legitimate due to the use of special characters. It’s always a good idea to double-check anything that asks for a security key or password; there are absolutely dragons out there.
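A defender-side check for the look-alike domains described above, as an added example that is not part of the original article: it flags hostnames that match a trusted name only after accented or Cyrillic look-alike characters are folded to ASCII. The trusted host `suite.wallet.example`, the homoglyph table (a small subset, not the full Unicode confusables list) and all function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list (placeholder domain, not a real vendor host).
TRUSTED_HOSTS = {"suite.wallet.example"}

# Small illustrative subset of Cyrillic look-alikes, not the full Unicode
# confusables table.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u0443": "y",
})

def to_unicode(host: str) -> str:
    """Decode any punycode ("xn--") labels so the real characters are visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(host: str) -> str:
    """Fold a hostname to ASCII: drop diacritics, then map known homoglyphs."""
    decomposed = unicodedata.normalize("NFKD", host)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.translate(HOMOGLYPHS)

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' (matches only after folding) or 'unknown'."""
    host = to_unicode(urlsplit(url).hostname or "")
    if host in TRUSTED_HOSTS:
        return "trusted"
    if skeleton(host) in TRUSTED_HOSTS:
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links: genuine, dot-below "e", Cyrillic "e", unrelated.
    for link in ("https://suite.wallet.example/download",
                 "https://suite.wall\u1eb9t.example/download",
                 "https://suite.wall\u0435t.example/download",
                 "https://news.example/"):
        print(f"{classify(link):9}  {to_unicode(urlsplit(link).hostname)!r}")
```

A "lookalike" result means the link should not be opened; type the known address by hand instead.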
Trezor believes that this particular dragon targeted one of its newsletters hosted on the automated email platform Mailchimp, which was co-opted for nefarious purposes. Trezor also stated in a tweet that Mailchimp confirmed that an insider was targeting crypto companies, but there has yet to be a statement from Mailchimp itself on the matter.
MailChimp confirmed that its service was compromised by an insider targeting crypto companies. We were able to take the phishing domain offline. We are trying to determine how many email addresses are affected. 1/ (April 3, 2022)
For now, it’s best to treat every email with a little suspicion and definitely do some checking before handing over any information or installing files on your PC. Logging into the service normally on a different browser or machine is always a smart step if something looks suspicious. Manually typing links instead of clicking them, and checking them against the known website, is also a good measure to avoid problems.
With all these hacks targeting cryptocurrencies in particular, it could be that avoiding them altogether is also the best way to stay safe in these interesting times. And don’t forget to update your passwords!