The development team warned users about a phishing attack and asked them not to let their guard down, strongly recommending that they follow security rules.
Trezor support received complaints from users about receiving a notification about an invalid SSL certificate and a requirement to enter a seed phrase to restore access when trying to access the original website of the wallet wallet.trezor.io. Having fulfilled the requirements, users were redirected to the fake Trezor Wallet website created by scammers.
Thanks to such complaints, the Trezor team responded to the attack in time, and the fake wallet was already closed by the hosting provider. The company's specialists analyze fraud methods. Presumably, the hackers were able to use DNS spoofing, better known as DNS cache poisoning. One of the methods of computer hacking is when domain name cache data is changed by hackers and redirected to a fake IP address.
To date, there are no completely effective methods to combat such attacks, however, it is possible to reduce the level of danger and such recommendations are given in the official message by the Trezor company.
1. The company will never request confidential information, especially a seed phrase on an Internet resource. The mnemonic phrase is intended only for the device itself and is entered only on it.
2. You must carefully check the https icon in the upper left corner of your browser's address bar. When the connection is secure, it glows green. The creators of the wallet emphasize that you should only trust the display of the hardware device.
3. Double-check the correctness of the address in the browser bar (wallet.trezor.io) and the presence of the Secure icon.
Recently, hackers have become more active in the hope of easy money and this requires greater vigilance from users. Recently, a phishing crypto wallet, Cardano ADA Wallet, was detected in Google Play applications. This week, a new crypto-hijacker virus was discovered tracking and controlling crypto addresses.
You May Also Like
Robinhood accused of selling customer data or free cheese again
Investing platform Robinhood, which is rapidly gaining popularity, appears to be making up for lost profits from zero commissions by selling users' data to make a quick buck at high-speed trading firms (HFTs) on Wall Street.
Another phishing app found on Google Play
A video posted last week by cybersecurity specialist Lukas Stefanko revealed a malicious app hosted on the Google Play Store that steals users' login credentials for regular banking and cryptocurrency apps.
