Just got this one in my Junk box. I think the email addresses leak is related with the ones used in the purchasing process at Trezor’s store:
Hi @mau_lo
Thanks for reporting the phishing mail. We have reported the website and notified the domain registrars.
1 Like
SCAM email received:
from [email protected]
Action Needed: Quantum Computing Firmware Update
We are writing to you today with an urgent security notification regarding a newly discovered, sophisticated threat vector affecting older Trezor hardware wallets.
Over the past few weeks, our security team has been investigating isolated reports of asset theft from users. After a thorough analysis in collaboration with leading cybersecurity firms, we have concluded that these incidents are the work of a state-sponsored threat actor group from China leveraging advancements in quantum computing.
Vulnerability Details: Quantum Breach of ECC
The attackers are using quantum computers to run Shor’s algorithm, a procedure that can efficiently break the Elliptic Curve Cryptography (ECC) standard, specifically the secp256k1 curve used by Bitcoin and most other cryptocurrencies. This allows them to derive a wallet’s private key directly from its public key, granting them full access to the funds. This attack vector specifically targets cryptographic signatures generated by older firmware versions which are not quantum-resistant.
Update Your Firmware
To protect your assets from this threat, we have released a mandatory firmware update for all Trezor devices. This update is critical as it fundamentally changes how your device generates and secures your cryptographic keys.
The new firmware implements a post-quantum cryptographic (PQC) signature scheme based on the CRYSTALS-Dilithium standard. When you update, your device will re-issue a new set of primary keys using this quantum-resistant algorithm, rendering the previous vulnerability obsolete.
Failure to update will leave your assets exposed to this ongoing threat.
Please connect your Trezor device and use the official Trezor Suite to perform the update immediately:
[Update Firmware in Trezor Suite]
Your security is our highest priority. We apologize for the urgency of this matter and are confident that this firmware update will ensure the long-term safety of your digital assets against this next generation of threats.
Sincerely,
The Trezor Team
© 2025 SatoshiLabs, s.r.o. All rights reserved.
If you did not request this email, please disregard it.
Hi @kenno ,
Thanks for reporting the phishing mail. We have reported the website and notified the domain registrars.