Trezor's 3rd-Party Support Portal was Hacked

[Pmalek]

Yeah, Trezor has suffered a second data breach on 24 January. It's again an issue with a 3rd-party. This time, it was their email service provider that got hacked and scammers sent out phishing emails. As dkbit98 mentioned, the users who signed up for their newsletters are affected. The worst thing is that the emails were sent from an official Trezor email address - noreply@trezor.io.

What's next

[1714221660]

1714221660

[1714221660]

1714221660

[1714221660]

1714221660

[dkbit98]

The worst thing is that the emails were sent from an official Trezor email address - noreply@trezor.io.

Are you sure it's the exact same official email address and not something nearly identical but hidden with punycodes and coming from different source?

Congrats on being selected as one of the ''lucky'' winners from everyone who applied for trezor newsletter... I was not that ''lucky''.  

[tread93]

The worst thing is that the emails were sent from an official Trezor email address - noreply@trezor.io.

Are you sure it's the exact same official email address and not something nearly identical but hidden with punycodes and coming from different source?

Congrats on being selected as one of the ''lucky'' winners from everyone who applied for trezor newsletter... I was not that ''lucky''.  

I definitely wouldn't call it being a winner or lucky it's called being phished lol. I know that trezor officially recognized this email scam tactic and was pretty proactive with how they handled this scam. Is anyone else under that impression??? Certainly Trezor needs to uphold their reputation, from what I can see they have been very transparent. What I am not liking is info I saw recently from a hacker forum that explained Trezor gets notifications when and how you use your devices with them 

[Pmalek]

Are you sure it's the exact same official email address and not something nearly identical but hidden with punycodes and coming from different source?

It's from their email provider. The service handling their emails got hacked. I don't know why that's something they would outsource to a third party, and why they couldn't have handled that themselves in-house. But like with anything, companies only change when shit happens.

Congrats on being selected as one of the ''lucky'' winners from everyone who applied for trezor newsletter... I was not that ''lucky''.  

I guess the hackers didn't recover the entire database or they did but didn't yet sent their phishing emails to everyone. Perhaps you will receive one in an upcoming batch. Have you checked the email today if there is any spam?

[RickDeckard]

And it seems that a batch of new e-mails were sent to some customers notifying them of an upgrade to their assets[1]. It looks like a more ellaborated scam attempt than we usually see per Reddit comments:

Not just the signature (that isn't usually perceived by "normal" users), but even the link the scam was pointing to was legit. First thing you would check about is the links, but the link were legit, so this could have fooled a bunch of people.. if you know how it works (hence I did), you come to a conclusion: wow, this is a phishing email, but everything in the email is legit, a scammer can't do that without hacking the backend (or obtaining access to the platform).. and you come here on Reddit to check. But what about the other thousands people out there, they may easily fall for it, because the contents (maybe not the spell) were all legit.

I fear that this is only the start of a long campaign in draining the funds of users that were both unaware of this 3rd-party support portal hack and are not that savvy in what concerns their devices and best security practices...
[1]https://teddit.zaggy.nl/r/TREZOR/comments/19enqtd/security_alert_weve_detected_an_unauthorized/

[PrivacyG]

I fear that this is only the start of a long campaign in draining the funds of users that were both unaware of this 3rd-party support portal hack and are not that savvy in what concerns their devices and best security practices...

Holy Moly.  I received a message from Trezor too and it seemed legitimate at first.  Being a little bit tech savvy though I quickly realized it can not be real and ignored it.  But this can easily fool the regular person using Trezor or Bitcoin, all it takes is them having trust in the Trezor team.

Trezor should add multiple warnings in the boxes of their products.  They should make it clear to every body that Private Keys and Seeds should NEVER be given away even to the Support team of Trezor or it may lead to loss of funds.  Even after so many years, too many people STILL do not understand this.

Hell.  I would add such a warning on the boot screen too and particularly on the Seed Phrase paper.  Bold text on red background, make them notice the warning before attempting any thing stupid.

[Pmalek]

@PrivacyG
I guess you received the one that came from the official Trezor email handle telling you that your assets are being upgraded and that you need to confirm your holdings by entering your seed phrase. Even though it came from Trezor's official email, anyone asking for your seed and private keys should immediately ring all kinds of red alarms on the user's end. Most hardware wallet users should have enough knowledge to know this. Trezor now has a big red notification in its Trezor Suite informing all users about the phishing emails and importance of not sharing sensitive data with anyone.