A Redditor has apparently spotted an imposter website for Bitcoin (BTC) hardware wallet Trezor.
“Imposter site trying to steal your Bitcoin”
On Oct. 4, Reddit user castorfromtheva posted about the website, stating that they conducted a test to confirm that it was not genuine. They said:
“I just made a little ‘typo’ test and entered ‘tezor[dot]io’ where I obviously left out the ‘r’. I was instantly redirected to a site called https://trezor[dot]run/start/ which is not the original trezor site (the correct size is http://trezor.io respectively https://trezor.io/start/).”
The Reddit user said that a URL typo would indeed redirect the user to the Trezor scam site while possibly installing compromised firmware.
Bitcoin engineer and self-proclaimed BTC maximalist Jameson Lopp took to Twitter to warn about the fake website. Lopp — who is also CTO at Bitcoin key security system firm Casa — wrote:
“SECURITY NOTICE Users of @Trezor’s web wallet should NOT visit it by typing ‘http://trezor.io’ into your browser – if you mis-type the URL you may be redirected to an imposter site that will try to steal your BTC! Bookmarks are your friend!”
Malicious app imitates hardware wallet Trezor
Scammers had been adding fake cryptocurrency wallets to the Google Play store. The malicious app imitated the Trezor hardware wallet. While looking completely legitimate on Google Play, the software itself contained no Trezor branding at all, with a generic login screen phishing for credentials.
In November 2018, Trezor warned its users after fraudsters began to make counterfeit versions of its hardware wallets. Company officials acknowledged at the time that “Trezor clones have been released over the years,” but a “fake Trezor device, manufactured by a different, unknown vendor” was a startling discovery.