Fake security breach notification

tmilone103 · April 3, 2022, 4:01am

I see a strange pattern here that the scammers know the email addresses we used to setup the Trezor wallet. Was our data compromised?

yuluyele · April 3, 2022, 4:05am

I’m sorry, man, that really sucks. Could happen to anyone in a moment of fear/haste. After you downloaded and installed it, I’m guessing it asked for your recovery seed??

pissingontheblackket · April 3, 2022, 5:18am

Perhaps. I am not losing faith in Satoshi Labs but I will, in the case of Bitcoin, going to be moving some sats around to secondary cold wallet (gives me a good excuse to try out Cold Card). This would also be good for me to perhaps consider opening a few junket/purpose email accounts going forward for some accounts.

I would also like to add, that considering geo-political happenings ongoing, it’s safe to assume that increased due-diligence is going to be needed by every BTC asset holder (especially every BTC holder, regardless if they are a 'coiner or non-coiner).

butteryak · April 3, 2022, 7:34am

Yup, got the email as well, just after talking with my GF about being careful about such emails, ha. so my radar was up, at first kinda almost thought it was real, as per the trezor. us email address, anyway, yeah, kinda odd that so many trezor users got the email, seems somewhat suspect, possible data breach?

forgi · April 3, 2022, 9:52am

zapla · April 3, 2022, 10:16am

jonathan · April 4, 2022, 2:40am

Nah, the email said to download the latest version and then to change your pin, which I did. Didn’t realize while I was changing my pin they scooped up my bitcoin.

zapla · April 5, 2022, 10:21am

Hi @jonathan

I am sorry to read that.

However please note that it happened because you have exposed your recovery seed.
You have entered it to the fake app (which you were prompted to download in the phishing email with fake domain).

Also, please note that (as you are also notified during the on-boarding process) you have to keep your recovery seed private and safe all the time since it is the only key for long-term safety of the user’s cryptocurrency funds.

We do not store any information about the seeds or activity of our users.

In other words, the responsibility to keep your recovery seed safe, isolated and never exposed online (especially in the direct order) falls exclusively and entirely on the individual users.

So please never ever enter your recovery seed anywhere unless you are prompted to do so by the Trezor device. That’s a rule number one.

sckoarn · April 13, 2022, 3:42am

I got the email as well. How did they know to send it to device owners?

I did update my desk top Trezor suite, and changed my PIN. All looked good but I have Many Ronin addresses which I can not access now. But I did it all through my desktop app link, so not the email pushed address. I at no point put in my key, so I dont know why things are not working. Been doing well with the device for 6+ months now.

If I reset my device and put in my keys, will this enable me to reconnect to those addresses? They exist, just I can not move anything off those addresses.

Is it possible that some how the addresses got moved? I don’t think so.

zapla · April 13, 2022, 7:37am

hi @sckoarn

If you have not entered your seed phrase into the phishing app then it has not been compromised thus your wallet and funds in it are absolutely fine.

The only possible explanation is that you are using different seed and passphrase (than you did when those addresses were created in the first place).

That won’t be of any help because when the same recovery seed is used and the same passphrase is entered (if enabled and used), the same wallet is accessed.

There is no exception. It always generates the same wallet including the same accounts having the same addresses in the same order.
The public-key cryptography ensures it generates always the same result:

sckoarn · April 13, 2022, 10:05pm

Thanks for the reply, how would I know what the old seed phrase was, is it related to my PIN as that is all I changed.

I have tested it on two machines and both give the same result. initial connection qualification and then no reply from then on.

I will look over the Suite interface and see if I can figure this out. Changing my PIN should not cause this, I must have done something else.

Again, thanks for the reply

sckoarn · April 13, 2022, 11:06pm

I am connected again. Thank you @zapla for your words of wisdom.
From what you said, I was able to figure out what I did. Typical Noob thing I would expect.
Not stating details, just want to say thanks for the reply it was key to my understanding of what was going on.

Good Job !!!
Thanks.

zapla · April 14, 2022, 6:44am

No worries, I am glad that your issue has been resolved.

In order to learn more about the passphrase feature (creating and using hidden wallets).
Please see following article and blog post:

https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

packetpinger · July 20, 2022, 8:40pm

I’m a little late to the game (as I don’t check my account too often). I saw this email today. Then I saw the email from Trezor saying their email provider (MailChimp) was compromised via a phishing attack. Thankfully, I had just upgraded my Trezor Suite. Otherwise, I probably would have clicked that link.

So, what is Trezor doing to address this???

Even if they had access to my Trezor Suite account, could they really do anything if I have my keys on my Trezor device??

reply_help · July 21, 2022, 5:55pm

How long how have you checked your Trezor device and did you click on any link ? Just to be sure @packetpinger

forgi · July 22, 2022, 12:38pm

Hi, if you did not download any malicious app and did not enter your recovery seed anywhere your funds are safe.

You can read more here: Details of the Mailchimp data breach | by SatoshiLabs | Trezor Blog