Huge Potential Trezor Scam Avoided - Thanks To CoinLoan

In April 2022, CoinLoan’s fraud detection team caught and prevented what could have been another massive crypto scam.

Bishal Kumar Chanda4 min read
Huge Potential Trezor Scam Avoided - Thanks To CoinLoan

Since the crypto boom of 2021, cryptocurrency has become a magnet for cybercriminals. As a result, more and more multi-million dollar cryptocurrency scams are hitting the weekly news in recent years. Meanwhile, in April 2022, CoinLoan’s fraud detection team caught and prevented what could have been another massive crypto scam.

Trezor Wallet Phishing Scam

On April 3, 2022, Trezor wallet owners received an email prompting them to do a software update. This was a sophisticated phishing scam to steal crypto assets using altered wallet software.

The phishing email sent to Trezor clients

According to CoinLoan co-founder and CTO Max Sapelov, this is how the events unfolded:

  • Trezor wallet clients received an email from the domain, mimicking a message from Moreover, it bypassed the spam filters and looked legit, asking users to update their wallet software by following a link. 
  • Furthermore, the link led to a lookalike domain of In fact, the domain name was found using a non-standard character, the Unicode ‘ẹ’ instead of the English ‘e.’ Some domain registrars accept Unicode symbols, making deceptive lookalike domains possible. 
  • Following the link, users found a copy of the original Trezor Suite website, where they could download the fraudulent wallet software. Apparently, the fraudulent software had been maliciously altered to steal the seed phrase associated with their wallet. 

CoinLoan Prevents The Huge Potential Crypto Scam

After a CoinLoan team member received the phishing email, the team at CoinLoan got to work.

  • After detecting the IP address of the malicious domain, Max contacted the hosting provider from Russia, and the server was quickly taken down.
  • However, the domain registrar was slow to respond to abuse complaints, so the scammy domain was live for quite a while. 
  • Following the takedown, the scammers switched to another IP and domain. But Max was quick to take down several servers hosting the fake Trezor Suite website. 
  • Finally, Max sent a report of the malicious wallet software binaries to VirusTotal, an online service for analyzing suspicious files for malware which automatically shares them with the security community. By that point, one of the files had been uploaded, indicating a delayed reaction from Trezor. 

Trezor’s Response to The Phishing Incident

In an email, Trezor blamed the client data leak on a third-party service, Mailchimp. Later, the veteran email marketing platform confirmed that its database was “compromised by an insider.”

Trezor's response to the attempted phishing scam

While the database leak was not the Trezor team’s fault, it reminds us that hardware wallet users are not entirely immune to cyber threats.

CoinLoan’s Response to The Phishing Incident

“We are immensely proud of our fraud detection team, however, this incident does shed light on the inherent risks associated with (cold) non-custodial wallets, including software, connections to third-party vendors, and possible insider leaks,” said Max. “In contrast, custodial wallets such as CoinLoan often implement a series of checks and holds which prevent fraudsters from a) gaining access and b) moving or withdrawing crypto in the event of a leak. As attacks such as this become more common, it is our hope that users intelligently weigh up the pros and cons of each type of wallet.”

Final Say

The evident rise of crypto-targeted cybercrimes, such as the one prevented by CoinLoan, must serve as a wake-up call for the cryptocurrency industry. With the given potential of social engineering, even hardware wallets do not guarantee asset security. Thus, users unaware of the threats can easily fall victim to manipulation.

Bank-grade security standards, such as those used by CoinLoan, can not be considered optional in the current crypto market. It protects users from various threats, conducting various checks on their behalf. Moreover, such custodial wallets are well protected against access recovery attempts, password cracking, suspicious transactions, etc.

Still curious? Check out The 5 Safest Crypto Lending Platforms you can use.

Earn more with Bitcompare

The best deals, tools, reviews and tips in your inbox once a week.

No spam, unsubscribe anytime. Read our Privacy Policy.