A Fake Data Breach Used Emails to Steal Cryptocurrency Wallets

Trezor is a hardware cryptocurrency wallet that offers advanced security for storing and managing private keys for Bitcoin and other cryptocurrencies. Trezor allows users to conduct safe payments without exposing their private keys to a possibly hacked computer.

What Happened?

In order to steal cryptocurrency wallets and the assets kept inside them, a stolen Trezor hardware wallet mailing list was used to send bogus data breach alerts to the recipients.

When you click on the link in the phishing email you are directed to download a Trezor Suite lookalike app, that will ask you to connect your wallet and enter your seed. The seed is compromised once you enter it into the app, and your funds will then be immediately transferred to the attackers wallet.

This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.

Source

When setting up a new Trezor, a 12- to 24-word recovery seed will be presented, which will enable users to retrieve their wallets in the event that their device is stolen

Read More: https://heimdalsecurity.com/blog/a-fake-data-breach-used-emails-to-steal-cryptocurrency-wallets/