Hardware wallet company Trezor has advised any of its newsletter subscribers who have entered their seed phrases into any form sent to them, particularly if it was via email, to transfer their funds to another wallet immediately.
The company issued the advice via X (formerly Twitter) a few hours after it confirmed that it had detected an unauthorized email impersonating Trezor sent from a third-party email provider it uses.
Trezor told users that, if they received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: [email protected], they should avoid clicking on any links or providing any information.
It then suggested they delete the email immediately.
In the same thread, Trezor moved to reassure users that if they haven’t entered their details, their funds are safe, and said it had “swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat.”
This phishing attack comes barely a week after Trezor suffered another security breach that it reportedly exposed sensitive information belonging to more than 65,000 users.
Trezor said that it identified a breach of its third-party support portal on January 17 and cautioned that users who’ve interacted with its support team since December 2021 may have had their data compromised.