Version 1
Last scraped
Scraped on 19/07/2025, 14:03:00 UTC
Just got this fake Trezor attack email

Official Security Incident Report

Dear Trezor User,

This communication is to inform you of a significant security incident. Trezor has confirmed a coordinated social engineering attack resulting in unauthorized access to our internal server infrastructure. The investigation has determined that threat actors, with characteristics consistent with the North Korean state-sponsored group Lazarus, gained access after successfully placing personnel within a third-party contractor using falsified credentials.

These individuals deployed malware that compromised specific communication endpoints, leading to the exposure of user data. We have verified that this vector has been used to execute unauthorized transactions totaling approximately $70 million in BTC and ETH. Our team is working with blockchain analysis firms to trace the stolen assets. This attack vector aligns with intelligence on sophisticated campaigns previously analyzed by our team (for more context, see published analysis).

We are requiring users to take mandatory mitigation steps.

Mandatory Mitigation Steps

To contain this threat and protect your assets from further exposure, we have issued a mandatory firmware update. This update serves as a containment and neutralization protocol, which will re-establish a secure communication channel between your device and the Trezor network.

We have the utmost confidence in our remediation plan, but its success depends on your prompt cooperation. We take this matter with the greatest seriousness and regret any concern this may cause.

Proceed to Dashboard
Sincerely,
The Trezor Security & Compliance Office

SatoshiLabs s.r.o., Kundratka 2359/17a, 180 00 Prague 8, Czech Republic

This is a mandatory security notification regarding your Trezor account.



It seems they are a little slow with sending these emails, because the first report about it appeared on the forum at the beginning of this month -> [WARNING] Recent warning from Trezor.

By the way, I can confirm that a very aggressive email campaign is underway for all those whose data was leaked in the Ledger leak.

Quote
Security Breach & Firmware Update

Dear Ledger User,

In our commitment to transparency, we are notifying you of a security incident that our team has successfully contained. Recently, a threat actor briefly disrupted a component of our backend infrastructure used for Ledger Live services. Our security protocols immediately detected and neutralized the threat.

We have received reports of customer assets being stolen. We believe this is due to a vulnerability that has now been identified and addressed. To further harden the connection between your device and our now-restored services, we have issued a firmware update. This update will patch the identified vulnerability and reinforce the cryptographic verification between Ledger Live and your device.
Update in Ledger Live
Update in Ledger Live (contains a link to a fake Ledger Live)

To ensure your security, this critical update must be initiated exclusively through the official Ledger Live application. Please be vigilant and disregard any requests or links to update your firmware that you may receive via text message. Always open the Ledger Live app directly on your computer or mobile device to perform the update safely.

We appreciate your immediate cooperation in maintaining the highest level of security. Your trust is our priority.

Sincerely,
The Ledger Team
Original archived Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
Scraped on 19/07/2025, 13:58:14 UTC