A sophisticated phishing scam has targeted users of the Trezor hardware wallet and almost certainly will have tricked some into giving up their hard-earned crypto.
The scam was unique in that the URL used by the hackers was somehow the same as the real URL.
Trezor released a statement to its customers in the last few hours informing them of the “critical threat.”
“The fake Trezor Wallet website was served to some users who attempted to access wallet.trezor.io — the legitimate address,” the statement said.
“The fake Wallet displayed an alert, asking the user to restore their recovery seed, due to memory damage.”
By entering the 12 or 24 Trezor recovery seed, a user will have given scammers access to their coins.
Micky knows of one Australian man who was targeted in the scam last Friday.
He said the website looked completely legitimate, although he was confused by the request for a recovery seed.
“I looked at it and thought it seemed strange, but I checked the URL and it didn’t appear to be a phishing site,” the man, who wished to remain anonymous, said.
“I chose to ignore it and do some research before taking any further steps. I’m glad I did.”
Trezor says it is now investigating the scam and is urging customers to remain vigilant.
“We would like to thank everyone for their cooperation while we investigate this issue further,” it said.
“At this moment, the fake Wallet has been taken down by the hosting provider.
“However, you should remain vigilant and report all suspicious sites.
“It is possible that this attack method will be used repeatedly in the future.”
You can read the full Trezor warning here.