Scraped on 19/07/2025, 02:18:16 UTC
Just got this fake Trezor attack email

Official Security Incident Report

Dear Trezor User,

This communication is to inform you of a significant security incident. Trezor has confirmed a coordinated social engineering attack resulting in unauthorized access to our internal server infrastructure. The investigation has determined that threat actors, with characteristics consistent with the North Korean state-sponsored group Lazarus, gained access after successfully placing personnel within a third-party contractor using falsified credentials.

These individuals deployed malware that compromised specific communication endpoints, leading to the exposure of user data. We have verified that this vector has been used to execute unauthorized transactions totaling approximately $70 million in BTC and ETH. Our team is working with blockchain analysis firms to trace the stolen assets. This attack vector aligns with intelligence on sophisticated campaigns previously analyzed by our team (for more context, see published analysis).

We are requiring users to take mandatory mitigation steps.

Mandatory Mitigation Steps

To contain this threat and protect your assets from further exposure, we have issued a mandatory firmware update. This update serves as a containment and neutralization protocol, which will re-establish a secure communication channel between your device and the Trezor network.

We have the utmost confidence in our remediation plan, but its success depends on your prompt cooperation. We take this matter with the greatest seriousness and regret any concern this may cause.

Proceed to Dashboard
Sincerely,
The Trezor Security & Compliance Office

SatoshiLabs s.r.o., Kundratka 2359/17a, 180 00 Prague 8, Czech Republic

This is a mandatory security notification regarding your Trezor account.

Got exactly the same email. It seems that someone is trying to trick unsuspecting users into installing compromised f/w in their Trezors. It's so obvious to us that it's a scam, but it seems that a small percentage of users fall for it.

Always use official channels for f/w updates and never reveal anything relating to keys, seeds or PINs to anyone!
Original archived Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
Scraped on 19/07/2025, 02:13:38 UTC