Hardware wallet creator Trezor is warning its customers of a phishing attack related to a recent hack of its rival firm Ledger. The company said that attackers are using data obtained from the e-commerce database of its competitor to target Trezor users.
Urgent alert for users
Trezor sent an urgent alert to its users recently asking them to beware of a phishing attack. The firm said that several of its customers receive fraudulent communications related to their hardware wallets in the last few days. Trezor said that it did not suffer any hack and its data is safe. However, it noted that the attackers are using databases obtained from Ledger’s e-commerce database to launch an attack.
It highlighted that the attackers with access to Ledger data are sending texts to customers blindly to lure them. They have added their own phishing links on the website and inducing users to enter their seeds.
Ledger’s June data hack may be utilized
Trezor was indicating the June data hack of its rival firm Ledger. Attackers broke into the database of the firm and stole data of about 1 million customers. The information includes the names, phone numbers, and shipping addresses of the customers.
Trezor explained, “The attackers may have bought competitors’ customer data from a dark market, where breached data is often sold, allowing them to send malicious links to any contacts listed in that data. The scammer is sending links to a fake version of the Trezor website, a replica of wallet.trezor.io, which has been modified to ask visitors for their recovery seed, completely exposing their coins.”
As soon as the user enters their seed on the fake Trezor website, the attacker replicates their wallet and sends the user’s funds to their own address. Trezor said that it does not ask for important information like recovery seed from the users over text messages. The firm said that it routinely anonymizes customers’ data and removes all records from its e-commerce system 90 days after placing an order.