A recent phishing incident has prompted Trezor, a provider of hardware wallets, to issue a security alert and urge users to update their devices. The alert comes after news surfaced of a victim losing 10 BTC, showing how scammers over the years have become more sophisticated in their targeting of cryptocurrency owners. That doesn’t absolve the creators of this incident, which highlights the terrible lack of user awareness and vigilance in protecting digital assets.
Phishing Attack Details
The phishing attack was just the latest example of scammers using a confusing ruse to get users to expose their sensitive information. The attackers validated inputs using a list of 2,048 known words frequently present in recovery phrases. This tactic made their fraud all the more persuasive. On December 15, 2024, the bad actor on record registered the malicious domain ledger-recovery.info. They repurposed it to host a fraudulent website that matched an actual, real-world meeting service almost perfectly. This “security check” then caused the user to input their recovery phrase, allowing their Bitcoin to be stolen.
Trezor's Response and Recommendations
Ever since the incident took place, Trezor has been emphasizing the importance of securing wallet backups. Perhaps more significant is the company’s recent and unusually stern warning to its users.
NEVER share your wallet backup — it must… - Trezor
Trezor has published a firmware update, version 1.6.3, for the Trezor Model One. Read more Touted as the most important update available, users are highly recommended to download this update to improve the security of their devices. From its flagship Trezor Model One to the Model T, Trezor’s hardware wallets continue to address a growing crypto user base.
Coinspeaker's Coverage
Coinspeaker, an independent publication focused on honest and open news publishing, has reported on the hack and Trezor’s response to it. Godfrey Benjamin is a tech-oriented, blockchain evangelist, and writer at Coinspeaker. Read on as he explores the pragmatic uses of blockchain technology and spotlights the trailblazing innovations powering its worldwide adoption and integration.
Godfrey Benjamin maintains a profile on X (formerly Twitter) at https://twitter.com/DaWorldOfChoice, where he shares insights and analysis on the latest developments in the blockchain space. Coinspeaker is glad to see them driving awareness around the risks associated with storing cryptocurrency. They stress the need to implement strong security practices to safeguard yourself from phishing threats.
User Education and Prevention
The incident is a reminder of how essential user education is for preventing phishing attacks. Note that crypto users should be suspicious of any unsolicited communication asking you for your private key or recovery phrase, period. It’s always important to confirm that the websites and services you’re using are legitimate before entering any sensitive data. In addition to being mindful of the apps they use, users should enable two-factor authentication and use strong, unique passwords for their accounts.
Tran Quoc Duy
Blockchain Editor
Tran Quoc Duy offers centrist, well-grounded blockchain analysis, focusing on practical risks and utility in cryptocurrency domains. His analytical depth and subtle humor bring a thoughtful, measured voice to staking and mining topics. In his spare time, he enjoys landscape painting and classic science fiction novels.
