A new phishing or fake link attack is in development in the bitcoin ecosystem. A group of hackers who in October tried to steal funds from users of the hardware wallet, Ledger, is now targeting those of the Trezor wallet.
The pirates use the same modus operandi applied two months ago. The plan in development is to send fake emails to users with information about their wallets being disabled. The fake statement includes an act of the new KYC (Know Your Customer) regulatory standards.
The origin of the attack would be related to a data leak of Ledger users. It is that same database that the hackers would be using, but now identifying their message with the Trezor brand.
The manufacturer warned about what was happening on its Twitter account and clarified that the wallets have no problem. Besides, he invited users to keep their private keys safe, so this is the way not to put their bitcoin and cryptocurrencies at risk.
“Attackers are using Ledger’s leaked database to spam people in the hope that they also own the Trezor device. Please ignore these phishing attempts and keep your seed (private keys) safe. Your Trezor is fine” was the message posted on the manufacturer’s social network.
Hardware Bitcoin Wallets…without Security Risks?
Another warning message was sent by Bitcoin evangelist Andreas Antonopoulos, which said that the word Trezor used by hackers is misspelled. The author of the book “Mastering Bitcoin” said that criminals use a zero (0) instead of a letter O to trick users.
The lecturer clarified that the attack has nothing to do with Trezor; the hackers used the same false name and an alleged code that does not represent any particular situation. Antonopoulos also defended the security of hardware wallets by saying:
“This violation of the sales database (of Ledger) guards no relation to the security of the hardware wallets (…) This has nothing to do with Trezor the same database is used simply to pursue and find more victims, ”Antonopoulos posted on Twitter.
Jameson Lopp, CTO of startup Casa also argued and warned about the situation regarding Trezor Lopp shared an image containing the Internet address (URL) for the false data verification. It is unknown if there are people who have been victims of the attack and the amounts in danger.
A report in October mentioned the situation about the Ledger wallets and their users. At that time the company indicated that hackers took advantage of a vulnerability in the system to make a breach and reach toward the data. The failure was fixed after the data leak, the company said.
It is important to remember that no hardware or software wallet manufacturer requests private keys from their users. These keys work as seeds or seed words; it is a series of 12, 24, or 36 words that validate the ownership of the funds that are in a portfolio. They also serve as a security element in case of theft or loss of the purse.
By: Jenson Nuñez.
