Fake security breach notification

Received the following scam email from “noreply @ trezor . us”, sent through Mailjet. The email includes a link to download what I presume would be a compromised installation of Trezor Suite, which I will not include.


Dear customer,

We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address () is within those affected by the breach.

Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.

At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.

In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.

If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.

Sincerely,

Trezor

9 Likes

I got this at the same time, thanks for posting

3 Likes

Same here. Hopefully no one will be fooled by it.

2 Likes

Same here. Nowadays, many scammers.

2 Likes

I got the same email, this one was very convincing due to the @trezor.us domain

2 Likes

I got the same email and finally found this blog to confirm my suspicion. Thanks for posting this.

2 Likes

I f’d up and got rug pulled. What can I do? :broken_heart:

2 Likes

same here.
anything happens after installing Trezor Suite app following this email??
I just downloaded app and about to connect Trezor.

2 Likes

Same here, logged into this site to confirm that it was fake. Thanks for all the good info.

2 Likes

I got this one as well. For an email I only used for the Trezor announcement list and nothing else.

I purchased my Trezor from a reseller using a different email address.

I use this forum with a different email address again.

So it would appear to me from the above information that some or all of the Trezor announcement mailchimp email list has been acquired by scammers.

2 Likes

I got the same , when you browse over the button to update your suite , it shows a scam address , NOT the trezor.io address , do not click this , i send the email to trezor support ,

2 Likes

I received today a scam email which looks quite legit and is a very good set scam. I see other users have reported it: please send a communication informing of it. Best regards.

3 Likes

I also received the same email and also reported it. It was one of the best looking phishing emails I’ve seen.

3 Likes

I got this one as well. For an email I only used for the Trezor announcement list and nothing else.

I purchased my Trezor from a reseller using a different email address.

I use this forum with a different email address again.

So it would appear to me from the above information that some or all of the Trezor announcement mailchimp email list has been acquired by scammers.

1 Like

Hello,

Is this for real? It looks like it is.

Sender: [email protected]

1 Like

I would like everyone to know about a recent email scam attempt being sent out. I received an email from a domain (noreply ato trezor dot us) with the following message with the following message:

Dear customer,

We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address ([email protected]) is within those affected by the breach.

Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.

At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.

In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.

If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.

Sincerely,

Trezor

This includes a link where it takes you to the following page (open at risk in a virtualized instance) https://suite.trezor.net/?id=5hHL7eUm1%2B7xZUrXocyVsDEg9Ai4Bt%2BwcJg2XNX%2BApuuS7JcjHIPBjPQ

I checked with the official website (current T-Suite version is 22.3.2) but this version is reported to be version 22.4.0.


I tried to see where these two domains are hailing from but so far this is all I got:

For trezor.net:

For trezor.us:


There seems to be a .ru (for trezor dot net) domain involvement along with a bounce off from a digital ocean instance (for trezor dot us).

Be careful out there!

4 Likes

Yup I received it also. Unfortunately, it is one of the better phishing emails I’ve seen. Pretty well written and not coming from an obviously fake email address. Scammers gonna scam.

3 Likes

Got one as well - unfortunately, they sent it to trezor@< mydomain >, which is an email address that I only have ever provided to trezor.io… I would certainly appreciate an explanation of that from Satoshi Labs.

1 Like

Unfortunately for me I clicked the link and downloaded it and now I got all my Bitcoin stolen. Definitely be wary of anything suspicious guys, wish I had seen this post before I clicked, I never fall for this type of crap, was so careless.

2 Likes

Same for me. The email that the hacker used for me was only used for Trezor. I too would like to know how the hacker got this email address.

1 Like