We have recently noticed a few cases of phishing emails targeting Trezor users.
The emails contain fake information about ETH merge.
Do not interact with these emails and mark them as spam.
The targeted group was most likely part of the unstopabbledomains leak:
Please note that as long as you do not expose your recovery seed and passphrase (if used) your funds are safe.
Upgrade failure
Your wallet has failed to complete the new Ethereum Merge.
Due to high pressure on our network we temporarily had to shut down all ETH services yesterday. We have since rebooted the ETH validator and all services have been restored.
We require all users to integrate manually before January 12, 2023.
What if i don’t complete the merge manually?
There is a high chance your tokens can end up stuck in the ETH PoW network. This could mean your assets are lost forever.
Visit the merge environment now to get started
Most probably a scam/fraud, yes. I’ve never heard of ETH merge fail anywhere. Which exchange is this? If you’re not a customer on that exchange, the possibility of a scam is increased, of course.
It was SPAM alleged from Trezor directly to me (the Trezor customer)!
That’s not from SatoshiLabs, who make the Trezor device.
If you found the address in an ETH token description in your Trezor device, see here:
The email came into my email address in box and of course there was a link to click on. Fortunately I did not click on the link and moved it to Phishing/junk. Thank you!!!
hi @emailgarym
I confirm that this is phishing email trying to scam you.
We have already noticed few more cases.
It looks like the targeted group was part of the unstopabbledomains leak:
Also, please note that as long as you do not expose your recovery seed and passphrase(if used) you are absolutely safe.
We will prepare and pin the post so users are informed and beware.
Thanks for heads up.
I received the same email today. (2) times. Crazy thing is, I did transfer BTC, LTC, ETH from paypal to my trezor wallet yesterday. What timing huh? Here is the email addresses trying to phish me.
BAN these email addresses:
info @ bmc-bg(.)org
webmaster @ lahojuela(.)lahojuela(.)mx
My email address leak did not come from unstoppabledomains. It came from Gemini.
In late 2022, [data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum]. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to [an incident at a third-party vendor] (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to “ZAN @ BF”.
Compromised data: Email addresses, Partial phone numbers
