Trezor web wallet falls under URL attack

Many from the crypto community on Reddit revealed that if they make even a small typo, they are redirected to a fake website impersonating Trezor. The wallet claims that an updated is needed to the firmware as an excuse to ask for the speed phrase and then steal all funds from the wallet. 

CTO of Casa, Jameson Lopp tweeted that the best way to access the web wallet is by visiting it via the bookmarked version of the online wallet. These fake URL websites claiming to be real have been around for a while, but they are continually growing. 

It is highly advised to double-check the website on which you have landed before making any transaction or writing passwords. A victim to the attack reported on Reddit that he typed “tezor.io” instead of trezor.io and was instantly redirected to a fake website. The scam website installed a compromised firmware on the device.