Beware of Deceptive Crypto Wallet Emails!

A phishing scam attempted to deceive users by impersonating Trezor, a company known for its secure crypto wallets. The email, with a subject line designed to instill fear, read:

"Quantum Vulnerability Disclosure."

The email claimed there was a new update for Trezor wallets to protect against fake threats from "quantum technology." It urged users to update their devices immediately to keep their information safe.

The Catch: A Hacked Substack Account

The email was not from Trezor. Instead, it originated from a hacked Substack account belonging to Greg Lockard, who runs a comic book newsletter. Hackers exploited a feature that allows creators to add emails to their list without confirmation, sending phishing emails even to non-subscribers.

Exploiting a Security Flaw in Trezor's Support Portal

The hackers also took advantage of a security flaw in Trezor's support portal, which was compromised earlier in 2024. If users clicked on the "Upgrade Firmware" button, they were redirected to a fake website called quantumshield-trezor.