Hackers build similar open-source apps to try and steal cryptocurrency
Phishing attacks have proven to be a threat to all kinds of PC users in 2022, but they are especially rampant in the crypto and NFT space. We’ve seen scammers use Discord to try to steal cryptocurrencies, and NFTs have been stolen in OpenSea phishing scams.
Now, cryptocurrency wallet provider Trezor has found its users under attack. As reported by BleepingComputer, Trezor’s mailing list was used to target users and trick them into downloading fake versions of its software designed to steal their crypto assets.
The original Trezor software is open source, so the code can be downloaded and then modified by others. The spoofed version is likely only slightly altered from the original, as it even carries a Trezor banner warning customers to beware of phishing scams.
Once downloaded, the software asks the user for a recovery phrase when setting up the wallet for the first time. This recovery phrase acts as a key to recover your wallet if it is lost. Once the user enters the key, the game is over. Recovery phrases are sent back to the scammers, who can now claim all of the victim’s crypto assets for themselves.
Needless to say, you should always be very careful with anything online that involves your recovery key. Because phishing scams are so sophisticated, it can be difficult to distinguish a legitimate website or program from a fake. Due to the use of special characters, even the website associated with downloading this particular scam looks legit. It’s always a good idea to double-check anything that asks for a security key or password. There are definitely dragons out there.
Trezor believes this particular dragon targeted one of its newsletters hosted on the automated email platform Mailchimp, which was then used for nefarious purposes. Trezor also said in a tweet that Mailchimp has confirmed that there are insiders targeting the cryptocurrency company, but Mailchimp itself has not made a statement on the issue.
“MailChimp has confirmed that their service has been compromised by insiders targeting the crypto company. We have managed to take the phishing domain offline. We’re trying to determine how many email addresses were affected. 1/” (Trezor tweet, April 3, 2022)
Now, it’s best to be a little suspicious of every email, and be sure to do some checking before handing over any information or installing files on your PC. If something looks suspicious, logging into the service on a different browser or machine is always a sensible step. Manually typing links instead of clicking them, and double-checking them against known websites is also a great way to avoid trouble.
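The lookalike-domain trick and the advice to check links against known websites can be turned into a small check. This is an added example, not code from Trezor or the original article; the allowlist entry example.com is a placeholder, and the function names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the reader already trusts (example.com is a placeholder).
KNOWN_GOOD = {"example.com"}

def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode so it can be inspected."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def skeleton(label):
    """Fold accented Latin letters to their base letter (NFKD, drop combining marks)."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_link(url):
    """Classify a link's host: known-good, unknown, lookalike or non-ascii."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = [decode_label(part) for part in host.split(".")]
    # Simplification: treat the last two labels as the registered domain
    # (a real check would consult the public suffix list).
    registered = ".".join(labels[-2:])
    if ".".join(labels).isascii():
        return "known-good" if registered in KNOWN_GOOD else "unknown"
    # Any non-ASCII host deserves suspicion; a host that folds to a trusted
    # name is an outright imitation of it.
    folded = ".".join(skeleton(part) for part in labels[-2:])
    return "lookalike" if folded in KNOWN_GOOD else "non-ascii"

if __name__ == "__main__":
    # Constructed sample links; \u1ea1 is a Latin "a" with a dot below.
    for link in ("https://suite.example.com/download",
                 "https://suite.ex\u1ea1mple.com/download",
                 "https://example.net/"):
        print(check_link(link), link)
```

Letters from other scripts, such as Cyrillic, do not fold to Latin under NFKD, so those hosts come back as "non-ascii" rather than "lookalike"; either result means the link should not be trusted without checking.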
With all these cryptocurrency-specific hacks, avoiding them altogether may also be the best way to stay safe in these fun times. And don’t forget to update your password!