Fake Trezor "Critical Vulnerability Notice" warning

[examplens]

Today, I received a phishing email warning me of a critical vulnerability in the Trezor firmware. The email contains a link that should be used to perform an emergency firmware update.
It is important to note that all phishing links go to the extend.com domain.
The matter was officially confirmed by the Trezor on X https://x.com/Trezor/status/1938849061760553069

What is even more strange to me is that I received this email at two different email addresses, both of which were registered with Trezor at some point (then there was a specific reason and need for it). One of those addresses is only used on a couple of sites besides Trezor, so I'm not sure if the scammers collected data from the Trezor database or from somewhere else.

[Alphakilo]

Thank you for this warning notice.

I think this topic is better suited for the Beginners and Help board because that's where most people will get to see it and get informed.  Although not Trezor, I have received similar emails and it makes me to wonder how my email address got compromised.

As for Trezor,  the compromise may have been from a third party which they at some point used. All the same it drives home the message that one should not click on any suspicious links.

[Potato Chips]

Thanks OP.

I just checked the email I used to order trezor HW years ago, and found I've been getting spammed LOL. I looked into it, and they're all scams that request folks to install malicious firmware updates as well.



Sadly, this is actually one of my old emails and I've used it to many other websites before. Though, since there were incident before that leaked a portion of trezor users' emails, I wouldn't be surprised if it is one of the source for this.

Stay safe, everyone.

[albon]

It's good that you shared this important warning.

Trezor is a reliable and user-friendly cold wallet and a leader in the industry. However, any mistake on the part of the user's side could put their assets at risk of theft.. This data breach involving customer information will open the door for scammers to try to target their victims via email. Therefore, any message related to Trezor should be treated with caution.

It is best not to rely on emails and avoid downloading attachments or clicking on links, which are usually hidden behind text and don't clearly reveal the destination URL. The Phishing websites will continue to harass users,, but with increased user awareness, their harmful impact will be diminish.

[Lucius]

~snip~
What is even more strange to me is that I received this email at two different email addresses, both of which were registered with Trezor at some point (then there was a specific reason and need for it). One of those addresses is only used on a couple of sites besides Trezor, so I'm not sure if the scammers collected data from the Trezor database or from somewhere else.

Considering that their database has been hacked at least once, it's not surprising that those who have ever had any dealings with them are receiving such emails. However, a few days ago I received an email related to the Ledger leak that is very similar to what you showed - so someone may be using that database and sending everyone different emails.

Such e-mails are best reported as spam in order to protect others, because in that case they will end up directly in spam folders.

It's good that you shared this important warning.
Trezor is a reliable and user-friendly cold wallet and a leader in the industry.

Nothing that connects to the internet is by definition a cold wallet - and if there is no workaround to install firmware and coin apps on the device, it is just an ordinary hardware wallet that is exposed to any online risk. When it comes to Bitcoin, anything other than an air-gapped wallet has become pointless (for me personally), because times and prices have changed so much that our habits have to adapt to it.

[examplens]

Considering that their database has been hacked at least once, it's not surprising that those who have ever had any dealings with them are receiving such emails. However, a few days ago I received an email related to the Ledger leak that is very similar to what you showed - so someone may be using that database and sending everyone different emails.

Such e-mails are best reported as spam in order to protect others, because in that case they will end up directly in spam folders.

The scammer has obviously decided to make maximum use of the email address base he has; a new email with similar content has arrived. This time from the new address <noreply @ 3m.com>.

Of course, there will be a report; the sender is also aware of that, that's why he changes domains.

[dkbit98]

One of those addresses is only used on a couple of sites besides Trezor, so I'm not sure if the scammers collected data from the Trezor database or from somewhere else.

I received this phishing email and I never used this email address for purchasing any Trezor device.
That means that it's not directly involved with Trezor leak, and this is not the first timew I received similar phishing messages.
Anyway, if you can choose than it's always better to buy hardware wallet locally for cash, that makes it zero chance for leaking any personal information.

[Lucius]

The scammer has obviously decided to make maximum use of the email address base he has; a new email with similar content has arrived. This time from the new address <noreply @ 3m.com>.
Of course, there will be a report; the sender is also aware of that, that's why he changes domains.

If it's about the Ledger database, then most of the hackers didn't even have to pay anything, considering that it was published publicly - and although it can't be ruled out that the database is used by the same people from time to time, it seems to me that there are a lot of new kids who want to get rich overnight and think "why not try?".

Unfortunately, I have no doubt that a small number of people will always fall for such a cheap trick, but that's the reality.