The hackers primarily targeted the customers of two cryptocurrency wallet security firms.
Crypto hackers were duping customers to reveal their account recovery phrases
Photo Credit: Unsplash
A cybersecurity expert has warned that hackers have now started targeting customers of a cryptocurrency wallet security company, ironically sending physical letters to users, to access their crypto wallet recovery phrases. Recently, a report highlighted that bad actors have started duping industry leaders and stakeholders with fake Zoom video conferences and compromised Telegram accounts. In the last few years, crypto scams have become increasingly sophisticated, and bad actors have become more crafty with their tricks.
In a post on X, Dmitry Smilyanets, a cyber threat intelligence expert and Senior Director of Product Management at Recorded Future, has highlighted that a group of hackers has sent fake physical letters to multiple customers of Trezor, a cryptocurrency wallet security company, impersonating the firm. He pointed out that the letter carries a hologram and a QR code to a fake website. The hackers have also used the signature of Trezor CEO, Matěj Žák, in an attempt to dupe customers.
Separately, an X user has also posted, claiming that Trezor is not only the company that cryptocurrency hackers are impersonating. Similar letters, with the company letterhead, were reportedly mailed to the customers of Paris-based Ledger, another cryptocurrency security firm. The fake Ledger letters followed the same format, including the signature of the company's Chief Technology Officer (CTO), Charles Guillemet.
Both letters were shown to have a similar subject line, informing customers that Trezor and Ledger will “soon” make the authentication of each transaction “mandatory”, calling it a new security feature to “provide greater confidence” in the safety of their transactions.
The fake letters then instructed recipients to scan the QR code with their smartphones and follow the steps shown on the screen to avoid service disruption. Smilyanets highlighted that this QR code redirects users to a “scam website”, which is designed (via Crypto.News) to steal the account recovery phrases of customers, consequently gaining unauthorised access to their wallets.
Replying to the post, Trezor confirmed that the company “never” contacts its customers first, while warning users to “never share” their wallet backup with anyone. The firm advised users to verify the official channels before moving forward. “Stay safe out there, everyone,” Trezor said in a statement.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.