Phishing Alert: Fake Trezor Wallet website


Phishing Alert: Fake Trezor Wallet website (Jul 1, 2018)

"TREZOR" is a hardware wallet sold by "Satoshi Labs" intended to secure storage of cryptocurrency, such as Bitcoin. On the 30th of June, the Czech-Republic based vendor's subdomain ( was hit by a phishing scam, that was the result of suspected DNS poisoning or BGP hijacking. Customers were first alerted to the attack after receiving an error message from their web browser of an invalid TLS certificate used to authenticate a secure connection to the vendor's website. The second was a message from the fake site warning that the hardware wallet was damaged, and required the user enter their recovery seed, which SatoshiLabs would never request.

Recommendation: Customers should never enter their recovery seed on anything other than the TREZOR device, and under no circumstances should one enter it on a computer. Always look for the "Secure" sign in the browser's address bar, and if the certificate is invalid, the browser should warn the user.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.