Phishing attacks have already been proven to be a danger to all kinds of PC users in 2022 but are especially rampant in crypto and NFT spaces. We've already seen scammers use Discord to try to steal cryptocurrencies, and NFTs swindled in the OpenSea phishing scam.
Now the cryptocurrency wallet provider, Trezor has found its users under attack. Reported by Bleeping Computer, Trezor's mailing list was used to target users, and trick them into downloading a fake version of the software designed to steal their crypto assets.
The original Trezor software is open source, so the code is available to download and in this case be manipulated by others. It's likely this spoofed version is just very so slightly changed from the original as it still even has the Trezor banner warning customers to beware of phishing scams.
Once downloaded, the software asks for a recovery phrase that would have been set by the user when setting up their wallet the first time. This recovery phrase acts as a key to get back into the wallet if lost. Once the user enters the key, then it's game over. The recovery phrase is sent back to the scammers who can now claim all your crypto assets for themselves.
It goes without saying that you should always be incredibly careful using recovery keys for anything online. With phishing scams this sophisticated it can be incredibly difficult to tell a legitimate site or program from a fake. Even the websites associated with the download for this particular scam looked legitimate due to the use of special characters. It's always a good idea to double check anything asking for a security key or password, there are absolutely dragons out there.
Trezor believes this particular dragon targeted one of its newsletters hosted on the automated email platform Mailchimp and was co-opted for nefarious purposes. Trezor also stated in a tweet that Mailchimp confirmed that an insider had targeted crypto companies, but there's yet to be a statement from Mailchimp itself on the issue.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/April 3, 2022
For now it's best to treat every email with a bit of suspicion, and definitely do a few checks before handing over any information, or installing files onto your PC. Logging into the service normally on a different browser or machine is always a smart step if something looks suspicious. Typing links manually instead of clicking on them, and double checking them against the known website is also a good move to avoid trouble.
With all these hacks targeting crypto currencies in particular, it could be that avoiding them all together may also be the best way to stay safe out there in these interesting times. And don't forget to update your passwords!