Evolution journalist
Good people
Evolution journalist
Good people
Involve
Trezor issued a high -end security warning after attackers used his support form to send emails to hunt to users.
The company confirmed that the fraudsters submitted fake support requests using email addresses associated with real users, prompting the system to send mechanical responses that simulate the legitimate Trezor support messages.
in General statementTrezor explained that there is no internal breach of the email system or an external side solution. Instead, attackers used the automatic response system against it.
Email messages for pure hunting urged users to reveal the backup information information, a very sensitive key that gives access to all funds.
The company wrote on X.
Trezor says that exploitation has now been contained. However, the company is actively looking for additional guarantees to prevent future abuse of infrastructure to support it.
Avoid the intelligence of traditional piracy methods by exploiting the customer service infrastructure in Trezor from abroad.
The attackers have submitted fake support requests through the Trezor contact form using the electronic email addresses to the target users, which leads to automatic responses from the company’s legal support system.
The company explained, on the state of security, that “the attackers contacted us on behalf of the affected headlines, which automatically led to automatically as a legitimate support message.”
The automatic responses have become the ideal car for fraud, which appear completely authentic because it was created by the actual systems of Trezor instead of the deceitful external sources.
After that, these legitimate emails were then armed to request the backup of users or seed phrases under various pretexts, and to exploit confidence users in official communications from their device wallet provider.
Soon, Trezor explained the scope of the accident, stressing that no internal systems were hacked during the attack.
“There was no email breach,” the company stated, explaining that the exploitation was limited to the abuse of the external communication model function. The communication model itself remains “safe and safe” for legitimate customer inquiries.
The company confirmed that the issue of security has been contained and that it was “actively looking for ways to prevent future abuse” of the infrastructure to support it. Despite the nature of the attack, Trezor stressed that the basic safety protocols remained intact throughout the accident.
The Trezor incident is the latest in a series of hunting attacks that targeted the main players in the encryption industry in recent weeks.
Just two days ago, CoinmarketCap witnessed a similar exploitation as a harmful symbol was injected to display the population population, which leads to verification of their wallets.
The popup has prompted users to “verify the wallet”, which leads to attempts to hunt that led to a compromise of 76 accounts, with total losses exceeding $ 21,000.
Almost at the same time, CointeleGRAP also confirmed an front compromise that offered a false symbolic promotional offers designed to deceive users to connect their wallets.
Sophisticated advanced hunting campaigns have been seen in recent months, including a wave of fake emails sent to Coinbase and Gemini users in March / a month who claimed that users need to deport their money to self -needs portfolios due to the supposed court ruling.
In April, the JFROG security research team also reported a harmful Bithon package designed to steal the applications of the application programming interface and accreditation data using Excination Mexc. He simulated the legitimate CCXT library and intercepted the encryption trading data by redirect API requests to a false server.
These incidents add increasing concern about the increasing targeting of the attackers from the infrastructure infrastructure channels for encryption and encryption instead of trying direct violations.
The common goal is to deceive users in sharing the backup of the portfolio, private keys, or commercial accreditation data, not through malicious programs, but through social engineering tactics.
https://cimg.co/wp-content/uploads/2025/06/23183123/1750703483-stock-image_optimized-3.jpg
2025-06-23 20:30:00
