Phishing Email from trezor.io

Don’t forget to tell your parents and grandparents and relatives who are tech challenged to not fall for this. I helped my Mom get on trezor and I know she would fall for this.

3 Likes

I concur with John_DC, MX/SPF, header analysis, etc. confirm email coming from a valid source, meaning account within trezor compromised and sending this email.

1 Like

Did notice one difference in the account sending from previous valid accounts though.

There is no hyphen in this noreply@, usually it’s no-reply@…

2 Likes
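The observation in the posts above (SPF/DKIM pass, yet the sender local part differs from earlier mail) can be turned into a mailbox-side check. The following is an added example, not part of the thread or any Trezor tooling; the sample message, its header values and the `KNOWN_SENDERS` baseline are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumed baseline: sender addresses seen on earlier legitimate mail.
KNOWN_SENDERS = {"no-reply@trezor.io"}

# Constructed sample; header values are illustrative, not the real email's.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.example.org;
 dkim=pass header.d=trezor.io;
 dmarc=pass header.from=trezor.io
From: Trezor <noreply@trezor.io>
To: user@example.com
Subject: constructed sample

body
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only headers stamped by your own receiving MTA should be trusted."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def assess(raw, known=KNOWN_SENDERS):
    """Return a list of findings; an empty list means nothing unusual."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    res = auth_results(msg)
    authenticated = res.get("spf") == "pass" and res.get("dkim") == "pass"
    findings = []
    if not authenticated:
        findings.append("authentication failed or missing")
    if addr not in known:
        domain = addr.rpartition("@")[2]
        # Passing SPF/DKIM proves the sending path, not the sender's intent:
        # a new mailbox on a known domain is worth a second look.
        if authenticated and any(k.endswith("@" + domain) for k in known):
            findings.append(f"authenticated, but new sender address on known domain: {addr}")
        else:
            findings.append(f"unknown sender: {addr}")
    return findings
```
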

I received the same email that I suspected to be phishing. The trezor dot io domain must have been compromised.

1 Like

I concur with those above as well. This is quite a serious one as SPF and DKIM show as OK. As mentioned above, your Sendinblue account might be compromised.

Of course I would never disclose my recovery information, but this one really made me wonder (and I am working with this kind of stuff).

Same here. Given that this is the second third-party account of them that has been compromised within a very short timeframe, it makes you wonder about their internal security controls and processes.

Not good.

I was always pointing fingers at Ledger, given their track record. It would be sad if I had to start pointing fingers at Trezor as well.

2 Likes

Seen this many times for companies that do not have 2FA or other measures in place to lock down systems.

Never trust any link within emails; go directly to any company’s website by typing out their site yourself.

1 Like

Thanks for this warning. It was not proactive nor easy to find and I fear a lot of Trezor users will fall for this scam. You need to own, take responsibility, and fix this as a company. Please post and publicize what happened, and what you have done to prevent a recurrence.

1 Like

We have already announced publicly and more updates will follow:

https://twitter.com/Trezor/status/1750223673506558146

Great that you announced it on X but why doesn’t every customer / interested party get an email about this within the hour?

This is really serious shit because it looks like you’ve been compromised and they are targeting customers very skillfully :frowning_face: e.g. my mail is only known because it’s in the order-db…

1 Like

Please, be patient. You will receive our response and updates very soon.

Keep in mind your funds are safe.

1 Like

I received the phishing email as well. I’d never give out my recovery seed but I did click on the link. Said it couldn’t connect to that website. Does this mean the problem is fixed? Do I need to be concerned?

This is an insane statement. Funds are NOT safe if people fall for this phishing email, a phishing email that is very sophisticated and is coming from your domain.

The point is to warn your customers, not just by a post on this forum, but by actively contacting each customer with an email.

This should have been the very first thing to do.

2 Likes

I got it also; it arrived at a unique address used only for the newsletter, which I signed up for within the last year.

1 Like

We have actively informed all the affected users in a separate email last night.

Yes, of course, that is correct, what I meant is that the email itself does not compromise the security of your HW wallet as such. The security is always based on keeping your seed safe.

This breach is looking as though it is WORSE than is being reported.
I received the “Assets undergoing upgrade” email - to an email address I use only for Trezor. On reading in the news that Trezor are stating 66k users affected that have interacted with their ticketing system since Dec 2021 - I want to let you know that this is incorrect. I have not interacted with the system since Feb 2021.

Last night’s incident is a separate one, please see more here:

https://blog.trezor.io/trezor-security-alert-stay-vigilant-against-an-unauthorized-email-and-continued-phishing-attacks-1b4982c2f53c

I received this phishing email also, and it certainly made me put my coffee mug down. The text was the usual gobbledygook, but the apparent origin was what made me sit up. I know people will be affected by this.

I think users would now like to know the specific nature of the newsletter database compromise. What happened there? The blog posting says “The email was dispatched using a third-party email service provider we use.” OK, how? What’s the nature of this? Are we all going to be getting slick, malicious emails into perpetuity now?

For me, the most important thing is linked to this blog statement:

“We have sent out an email to the affected user base alerting them to the situation.”

Well, if you’ve done that, that’s news to me. I received the phishing email, and I did NOT receive any subsequent emails from Trezor. Somebody’s missing something here. I don’t check social media regularly and expect to be notified by email of these types of things, but that hasn’t happened. Other users have provided their opinions that notification via social media is perhaps necessary, but alone insufficient, and I would have to agree with that. So, take note, and glean what you can from the fact that I got the malicious email but not your notification email. This could well mean the compromise is larger than, or different from, what you might think.

1 Like

Today I received an email like this. Fortunately it occurred to me to consult the Trezor forum. They should send a message to Trezor users warning of the situation.