Trezor crypto wallets under attack in SMS phishing campaign

1 year ago AndyC

Willie
Sutton,
the
criminal
who

became
legendary
for
stealing
from
banks
during
a
forty
year
career,
was
once
asked,
“Why
do
you
keep
robbing
banks?”

His
answer?
“Because
that’s
where
the
money
is.

Willie
Sutton,
the
criminal
who

became
legendary
for
stealing
from
banks
during
a
forty
year
career,
was
once
asked,
“Why
do
you
keep
robbing
banks?”

His
answer?
“Because
that’s
where
the
money
is.”

However,
today
there’s
a
better
target
for
robbers
today
than
banks,
which
are
typically
well-defended
against
theft…

Cryptocurrency
wallets.

Trezor,
the
manufacturers
of
one
of
the
world’s
leading
hardware
wallets
that
promises
to
store
securely
the
private
keys
of
cryptocurrency
investors,
has

warned
its
users
to
be

wary
of
SMS
text
messages
that
claim
it
has
suffered
a
security
breach.

Some
Trezor
users
report
receiving
SMS
messages
that
warn
they
may
be
at
risk
of
losing
their
mountains
of
Monero,
bags
of
Bitcoin,
and
packs
of
Dogecoin:

Trezor
Suite
has
recently
endured
a
security
breach,
assume
all
your
assets
are
vulnerable.
Please
follow
the
security
procedure
to
secure
your
assets:
<LINK>

Should
you
click
on
the
link?
Of
course
not.

Trezor
advises
that
it
never
contacts
its
users
via
SMS.

But
if
you
were
to
panic
that
you
might
be
about
to
see
your
Ethereum
disappear
into
the
ether,
and
did
recklessly
click
you
would
be
taken
to
a
website
that
shares
more
details
of
the
alleged
breach:

Your
assets
might
be
at
risk!
At
this
moment,
its
technically
impossible
to
accurately
assess
the
scope
of
the
data
breach.
Due
to
these
circumstances,
if
you’ve
recently
used
your
Trezor
Suite,
we
must
assume
that
all
your
assets
are
currently
at
risk.
In
the
spirit
of
transparency,
we
want
to
make
our
customers
aware
of
this
incident.
We
felt
time
was
of
the
essence,
and
we
are
expediently
working
through
our
investigation.
If
you
received
this
message
it
means
that
you’ve
been
affected
by
the
breach.
In
order
to
protect
all
your
assets
please
follow
the
procedure
to
secure
your
assets

At
which
point,
the
page
asks
for
some
very
sensitive
information:

Yes,
the
webpage
asks
users
to
enter
the
secret

recovery
phrase
for
their
Trezor
hardware
wallet.
This,
combined
with
a
user’s
12
or
24-word
recovery
seed,
would
allow
a
criminal
to
access
your
cryptocurrency
fortune.

Trezor
says
it
has
seen
no
evidence
that
its
systems
have
been
compromised,
or
that
criminals
have
accessed
its
database
of
customers
in
order
to
send
the
SMS
messages.

But
what
is
clear
is
that
cybercriminals
are
hell
bent
on
breaking
into
hardware
wallets,
typically
used
by
those
who
have
the
biggest
cryptocurrency
fortunes
to
lose.

Last
year,
for
instance,
I

described
how
cybercriminals
targeted
owners
of
Trezor
hardware
wallets
with
emails
that
also
claimed
there
had
been
a
security
breach,
in
an
attempt
to
scare
victims
into
installing
a
bogus
firmware
update
onto
their
devices.

Editor’s
Note: The
opinions
expressed
in
this
guest
author
article
are
solely
those
of
the
contributor,
and
do
not
necessarily
reflect
those
of
Tripwire,
Inc.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts