Received the following scam email from “noreply @ trezor . us”, sent through Mailjet. The email includes a link to download what I presume would be a compromised installation of Trezor Suite, which I will not include.
Dear customer,
We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address () is within those affected by the breach.
Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.
At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.
In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.
If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.
I got the same , when you browse over the button to update your suite , it shows a scam address , NOT the trezor.io address , do not click this , i send the email to trezor support ,
I received today a scam email which looks quite legit and is a very good set scam. I see other users have reported it: please send a communication informing of it. Best regards.
I would like everyone to know about a recent email scam attempt being sent out. I received an email from a domain (noreply ato trezor dot us) with the following message with the following message:
Dear customer,
We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address ([email protected]) is within those affected by the breach.
Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.
At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.
In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.
If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.
Sincerely,
Trezor
This includes a link where it takes you to the following page (open at risk in a virtualized instance) https://suite.trezor.net/?id=5hHL7eUm1%2B7xZUrXocyVsDEg9Ai4Bt%2BwcJg2XNX%2BApuuS7JcjHIPBjPQ
I checked with the official website (current T-Suite version is 22.3.2) but this version is reported to be version 22.4.0.
I tried to see where these two domains are hailing from but so far this is all I got:
For trezor.net:
For trezor.us:
There seems to be a .ru (for trezor dot net) domain involvement along with a bounce off from a digital ocean instance (for trezor dot us).
Yup I received it also. Unfortunately, it is one of the better phishing emails I’ve seen. Pretty well written and not coming from an obviously fake email address. Scammers gonna scam.
Got one as well - unfortunately, they sent it to trezor@< mydomain >, which is an email address that I only have ever provided to trezor.io… I would certainly appreciate an explanation of that from Satoshi Labs.
Unfortunately for me I clicked the link and downloaded it and now I got all my Bitcoin stolen. Definitely be wary of anything suspicious guys, wish I had seen this post before I clicked, I never fall for this type of crap, was so careless.