Cryptocurrency wallet provider Trezor has warned its users of a new phishing attack targeting their crypto investments. The attack attempts to steal users' private keys by tricking them into entering their recovery phrase on a fake Trezor website.

Trezor took to Twitter on February 28th to caution users about the attack, which involves scammers posing as Trezor and contacting victims via phone calls, texts, or emails claiming that there has been a security breach or suspicious activity on their Trezor account.

“Please ignore these messages as they are not from Trezor,” Trezor declared on Twitter, emphasizing that the firm will never contact its customers via calls or SMS. The firm added that Trezor has not found any evidence of a database breach.

The fake website prompts users to enter their recovery seed, which is the most important part of self-custody, or “being your own bank” by keeping your crypto on a software or hardware non-custodial wallet. If the private keys are stolen, it means that crypto holdings no longer belong to their original owner.

This is not the first time Trezor wallets have been targeted by phishing attacks. In April 2022, attackers contacted Trezor users posing as the company, asking them to download a fake Trezor app.

Rival hardware wallet firm Ledger also suffered a massive data breach in 2020, with attackers publicly exposing personal information of more than 270,000 Ledger customers.

Trezor has urged its users to be vigilant and to never enter their recovery phrase on any website other than the official Trezor website. They have also advised users to use two-factor authentication and to never share their recovery phrase with anyone.