Trezor wallets hacked? Don’t be duped by phishing attack email

Trezor wallets hacked? Don’t be duped by phishing attack email

Trezor wallets hacked? Don't be duped by phishing attack email

Owners of hardware Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices.

The emails claim that Trezor, which has been making physical USB-like devices to protect the cryptocurrency and tokens of users since 2014, “experienced a security incident” yesterday that breached the data of 106.856 of its customers.

Trezor phishing email

Part of the email reads:

At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.

However, in reality, the email is not from Trezor at all – but is instead an attempt to dupe unsuspecting owners of Trezor devices into downloading a bogus version of the company’s desktop suite software from a lookalike website.

Fake trezor website

If you were unfortunate enough to click on the link offered in the email you would find yourself taken to: https://suite.trẹzor.com

Notice anything odd about that? Take a closer look.

Fake trezor url

Now you’ll hopefully notice that there is an underdot under the letter “e” in “trẹzor” in that URL. And that means you’re not going to the real Trezor website (which is at https://trezor.io – the real domain is not even .com!)

This is known as a unicode domain phishing attack.

EmailSign up to our newsletter
Security news, advice, and tips.

So, don’t trust the email. Don’t click on the link. The genuine Trezor Suite doesn’t ask you for your wallet’s private keys and doesn’t store them online, but who knows what this bogus software might ask you to do.

If you do want to update your Trezor’s firmware or desktop software, go to the official Trezor website instead.

One question remains – how did the malicious email get sent to so many Trezor customers? Is it possible Trezor, or one of its marketing partners, has suffered a security breach that has exposed members of its mailing list?

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published.