According to the blog of the developers of the Trezor hardware wallet, their service was recently the target of a phishing attack. The project team stated that it had received many complaints about an incorrect Secure Sockets Layer (SSL) certificate.
The number of warnings about the incorrect certificate rose along with the growing number of phishing attacks on the site. The reported attack vectors are so-called “DNS server poisoning” and “BGP interception”.
DNS server poisoning is an attack that exploits weaknesses in the DNS to redirect traffic from legitimate servers to fake ones. This technique was used, for example, in the 2010 attack involving the Great Firewall of China.
BGP interception (also known as “prefix hijacking”) is an attack that takes over groups of IP addresses (prefixes) by corrupting the Internet routing tables that the BGP protocol operates on.
As a result of the attack, the fake Trezor wallet site displayed a warning message asking the user to restore their seed phrase (an access key consisting of 12 to 24 “simple and memorable” words). According to Trezor, this was already the “second alarm bell”, because the warning message contained spelling errors.
“And the third bell is the method of recovery. The fake site asked the user to enter into the computer both the correct word order and the seed words themselves,” says the Trezor blog.
Next, the Trezor team warned users about the security measures they must take to protect themselves from this attack. It stressed that users should never enter their seed phrase into a computer; this should be done only on the Trezor device itself. In addition, according to Trezor, users should make sure that the “Protected” (secure connection) indicator is shown in their browser’s address bar.
“Always check all operations on the Trezor device only. You should trust only the device’s screen and what is written there … Never tell anyone your private and personal data. This also applies to us, SatoshiLabs. We will never ask for your seed phrase. The Trezor Wallet service will never ask for your seed phrase. Only the Trezor device can do that, and it will do it in a safe way,” Trezor said.
They also noted that the fake wallet site had already been taken down by its hosting provider, but asked users to remain vigilant and to report suspicious sites to the Trezor team.