Cryptocurrency hardware wallet provider Trezor is investigating a recent phishing campaign, as users have reported receiving phishing emails.

The anonymous blockchain sleuth ZachXBT took to his Telegram channel on Oct. 26 to alert users to a phishing attack targeting Trezor customers.

ZachXBT referred to an X (formerly Twitter) post from the account JHDN, which alleged that Trezor may have been breached after receiving phishing emails on the email account used specifically for buying the wallet.

In a similar manner to some Trezor-related phishing attacks in the past, the phishing email invites users to download the “latest firmware update” to users’ Trezor devices in order to “fix an issue in software.” According to the poster, the malicious email was sent from the email [email protected].

It looks like Trezor may have been breached? @Trezor @zachxbt #Trezor pic.twitter.com/4lmjZE1Quk

— j (@JHDN) October 26, 2023

“Be careful this person just received a phishing email to the email address associated with their Trezor purchase,” ZachXBT wrote, adding that the social media report could point to a potential data breach for Trezor or Evri, the United Kingdom delivery company that ships Trezor devices.

ZachXBT mentioned that two other people on Reddit complained about the same Trezor phishing email today.

According to Trezor’s brand ambassador, Josef Tetek, the firm is aware of the ongoing phishing campaign and is actively looking into it.

“We continuously report fake websites, contact domain registrars, and educate and warn our customers of known risks,” Tetek said, referring to multiple articles aiming to help users deal with phishing attacks. One such article says that phishing emails often redirect to download a Trezor Suite lookalike app that will ask users to connect their wallet and enter their seed.

Related: Scammers create Blockworks clone site to drain crypto wallets

“The seed is compromised once you enter it into the app, and your funds will then be immediately transferred to the attacker’s wallet,” the page reads.

Tetek emphasized that Trezor never asks for users’ recovery seed, PIN or passphrase, adding:

“Users should never enter their recovery seed directly into any website, or mobile app or type it into a computer. The only safe way to work with the recovery seed is as per the instructions shown on a connected Trezor hardware wallet.”

Cryptocurrency investors have been suffering from multiple phishing attacks despite many efforts to curb such scams. In September, a large crypto investor reportedly fell victim to a massive phishing campaign, losing $24 million worth of crypto assets. According to some cybersecurity reports, the number of cryptocurrency phishing attacks saw a 40% increase in 2022.

Additional reporting by Cointelegraph author Felix Ng.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in