Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?"
His answer? "Because that's where the money is."
However, today there's a better target for robbers today than banks, which are typically well-defended against theft...
Trezor, the manufacturers of one of the world's leading hardware wallets that promises to store securely the private keys of cryptocurrency investors, has warned its users to be wary of SMS text messages that claim it has suffered a security breach.
Some Trezor users report receiving SMS messages that warn they may be at risk of losing their mountains of Monero, bags of Bitcoin, and packs of Dogecoin:
Trezor Suite has recently endured a security breach, assume all your assets are vulnerable. Please follow the security procedure to secure your assets: <LINK>
Should you click on the link? Of course not.
Trezor advises that it never contacts its users via SMS.
But if you were to panic that you might be about to see your Ethereum disappear into the ether, and did recklessly click you would be taken to a website that shares more details of the alleged breach:
Your assets might be at risk! At this moment, its technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you've recently used your Trezor Suite, we must assume that all your assets are currently at risk. In the spirit of transparency, we want to make our customers aware of this incident. We felt time was of the essence, and we are expediently working through our investigation. If you received this message it means that you've been affected by the breach. In order to protect all your assets please follow the procedure to secure your assets
At which point, the page asks for some very sensitive information:
Yes, the webpage asks users to enter the secret recovery phrase for their Trezor hardware wallet. This, combined with a user's 12 or 24-word recovery seed, would allow a criminal to access your cryptocurrency fortune.
Trezor says it has seen no evidence that its systems have been compromised, or that criminals have accessed its database of customers in order to send the SMS messages.
But what is clear is that cybercriminals are hell bent on breaking into hardware wallets, typically used by those who have the biggest cryptocurrency fortunes to lose.
Last year, for instance, I described how cybercriminals targeted owners of Trezor hardware wallets with emails that also claimed there had been a security breach, in an attempt to scare victims into installing a bogus firmware update onto their devices.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.