Trezor abruceky Google Search Phishing: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/trezorabrucekygooglesearchphishing.php}} thumb|TrezorReddit user abruceky reports that they fell victim to a Google Adwords phishing website and gave up the seed phrase for their wallet which contained 3.43 bitcoins. The phishing website showed up as the top result on a Google search for "Trezor". Once the funds were taken, the thief converted them to Monero using a centralized...") |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/trezorabrucekygooglesearchphishing.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/trezorabrucekygooglesearchphishing.php}} | ||
{{Unattributed Sources}} | |||
[[File:Trezor.jpg|thumb|Trezor]]Reddit user abruceky reports that they fell victim to a Google Adwords phishing website and gave up the seed phrase for their wallet which contained 3.43 bitcoins. The phishing website showed up as the top result on a Google search for "Trezor". Once the funds were taken, the thief converted them to Monero using a centralized exchange, with an account set up via a VPN-based connection. The user reports that the police were not helpful and it would appear that no funds were recovered. | [[File:Trezor.jpg|thumb|Trezor]]Reddit user abruceky reports that they fell victim to a Google Adwords phishing website and gave up the seed phrase for their wallet which contained 3.43 bitcoins. The phishing website showed up as the top result on a Google search for "Trezor". Once the funds were taken, the thief converted them to Monero using a centralized exchange, with an account set up via a VPN-based connection. The user reports that the police were not helpful and it would appear that no funds were recovered. | ||
This exchange or platform is based in United States, or the incident targeted people primarily in United States. | This exchange or platform is based in United States, or the incident targeted people primarily in United States.<ref name="redditold-8838" /><ref name="redditold-8839" /><ref name="redditold-10081" /><ref name="redditold-10082" /><ref name="redditoldarchive-10083" /><ref name="trezorblog-10084" /><ref name="redditoldarchive-10085" /><ref name="coinmarketcap-623" /> | ||
== About Trezor == | == About Trezor == | ||
| Line 47: | Line 48: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 68: | Line 68: | ||
!Description | !Description | ||
|- | |- | ||
|October 28th, 2019 | |October 28th, 2019 | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
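Review bot: the Description cell added to the October 28th, 2019 row is still the template's instruction text ("Expand this into a brief description of what happened and the impact...") rather than a description of the incident. Replace it with a summary drawn from the opening paragraph, or leave the cell empty until one is written.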
| Line 80: | Line 76: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $32,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
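Review bot: the new "Total Amount Lost" sentence gives $32,000 USD with no <ref> attached and without the calculation that the prompt on the following line asks for. Attach the source for the figure and state which bitcoin amount and price date it is based on.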
| Line 93: | Line 92: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
There do not appear to have been any funds recovered in this case. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
| Line 99: | Line 98: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
Never ever share the seed phrase to your hardware wallet with any place other than the hardware wallet itself. | |||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
[https://old.reddit.com/r/ledgerwallet/comments/me1j5n/over_40k_of_cryptocurrency_stolen/gsese97/ Azzuro-x comments on Over $40k of CryptoCurrency Stolen] (Aug 7) | <references><ref name="redditold-8838">[https://old.reddit.com/r/ledgerwallet/comments/me1j5n/over_40k_of_cryptocurrency_stolen/gsese97/ Azzuro-x comments on Over $40k of CryptoCurrency Stolen] (Aug 7, 2022)</ref> | ||
[https://old.reddit.com/r/Bitcoin/comments/me2c4i/over_40k_of_cryptocurrency_stolen/gsdhyzs/ mmafan666 comments on Over $40k of CryptoCurrency Stolen] (Aug 7) | <ref name="redditold-8839">[https://old.reddit.com/r/Bitcoin/comments/me2c4i/over_40k_of_cryptocurrency_stolen/gsdhyzs/ mmafan666 comments on Over $40k of CryptoCurrency Stolen] (Aug 7, 2022)</ref> | ||
[https://old.reddit.com/r/TREZOR/comments/cms26i/trezor_one_wallet_hacked/f6aiqpu/ abruceky comments on Trezor One wallet hacked] (Dec 27) | <ref name="redditold-10081">[https://old.reddit.com/r/TREZOR/comments/cms26i/trezor_one_wallet_hacked/f6aiqpu/ abruceky comments on Trezor One wallet hacked] (Dec 27, 2022)</ref> | ||
[https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/f681pmq/ abruceky comments on Beware trezor owners. Got hacked this week] (Dec 27) | <ref name="redditold-10082">[https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/f681pmq/ abruceky comments on Beware trezor owners. Got hacked this week] (Dec 27, 2022)</ref> | ||
[https://web.archive.org/web/20191102110711/https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/ Beware trezor owners. Got hacked this week : Bitcoin] (Dec 27) | <ref name="redditoldarchive-10083">[https://web.archive.org/web/20191102110711/https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/ Beware trezor owners. Got hacked this week : Bitcoin] (Dec 27, 2022)</ref> | ||
[https://blog.trezor.io/phishing-attacks-used-to-steal-your-coins-recommended-reading-a39c0679c55d Phishing attacks used to steal your coins (recommended reading) | by SatoshiLabs | Trezor Blog] (Dec 27) | <ref name="trezorblog-10084">[https://blog.trezor.io/phishing-attacks-used-to-steal-your-coins-recommended-reading-a39c0679c55d Phishing attacks used to steal your coins (recommended reading) | by SatoshiLabs | Trezor Blog] (Dec 27, 2022)</ref> | ||
[https://web.archive.org/web/20191103151202/https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/ Beware trezor owners. Got hacked this week : Bitcoin] (Dec 27) | <ref name="redditoldarchive-10085">[https://web.archive.org/web/20191103151202/https://old.reddit.com/r/Bitcoin/comments/dpx8y1/beware_trezor_owners_got_hacked_this_week/ Beware trezor owners. Got hacked this week : Bitcoin] (Dec 27, 2022)</ref> | ||
[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May | <ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 16, 2021)</ref></references> | ||
Latest revision as of 13:26, 1 May 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Reddit user abruceky reports that they fell victim to a phishing website promoted through Google AdWords and gave up the seed phrase for their wallet, which contained 3.43 bitcoins. The phishing website showed up as the top result on a Google search for "Trezor". Once the funds were taken, the thief converted them to Monero using a centralized exchange, with an account set up via a VPN-based connection. The user reports that the police were not helpful, and it would appear that no funds were recovered.
This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.[1][2][3][4][5][6][7][8]
About Trezor
"I[']m 41 [and a] single dad raising 2 amazing preteen girls. [I j]ust started in [bitcoin] earlier this year[. I] had put about 4 years worth of saving into the bitcoins. My goal was to put around 3.5 [BTC] on the [T]rezor and just hodl it for as long as [I] could. Last week [I] bought 1.66 [BTC] and figured that would be my last buy for awhile since [I] was close to the 3.5 [BTC that I] wanted."
"[I] had plans for the money down the road[ to h]elp buy [my daughters] a car when they turn 16 and help with their college. I think that[']s what bitcoin is all about[ -] collecting these bitcoins and hoping that in the future they will help out your family [and] give them a better life. Most of us wouldn[']t sell our [bitcoin] anytime soon as we know in 3 or 4 years [it] could be amazing."
"[I] bought my last bit[coin] at [$]8250 and at one point [on F]riday [the price] hit $10500[. I] was feeling great not knowing [that M]onday would be the worst day of my life."
"[G]rowing up in the midwest [I] trust people more than [I] should[.]" "[I] was working from home and thought between work deals [I'd] transfer my 3.5 bitcoin from [C]oinbase into my [T]rezor. While plugging my [T]rezor in[,] it didn[']t go in super smooth but [I] got it in[,] which [I] thought was w[ei]rd. So [I] [G]oogle[d] 'trezor' and[ c]licked on the first link for [T]rezor." "On the [G]oogle [C]hrome search this site was right above the real official [T]rezor site."
"[A]fter it says continue to your wallet the 24 word recovery seed box pops up. The link is wallet.trezcr.com/trezor-one.html." "In the website it looked just like [the T]rezor site but it came up with a message that said '[T]rezor damaged. Input 24 word seed.' I know [I] know [I] know. I was thinking the same thing 'nope not gonna do it'." "[I] totally knew better[.]" "But [I] was rushing and said well [maybe] due to me having plug in issues. So as [you] can guess [I] put it in for some crazy reason[. I] wasn[']t thinking." "My mind was on work[.]"
"Worst decision of my life. Come to find out this was a phishing link that steals [bitcoin]." "[Yo]u can guess it[ -] they got 1.29 and 2.14 [BTC] from me." "[A]round 3.5 bitcoin stolen from my [T]rezor this week."
"[H]ow can people do that to someone else[?]" "[H]ow in the heck could someone live with themselves knowing they are ruining peoples lives[? It's c]razy the world we live in." "I[']m in a position with my job [where I] could wreck people pretty bad[ly] financially[, b]ut no way in heck would that even cross my mind. Not only did they steal from me but what [upsets me most] was that they stole from my daughters[.]"
"[W]hy does [G]oogle let a phishing [advertisement] be above the real [T]rezor link when you [G]oogle 'trezor'[?]" "[T]hat[']s messed up[. They] shouldn[']t allow that site at all[. A]ll it does is harm people[.]" "[T]rezor should do more to alert the public about the phishing hack[. I]t was hard to find[. I] think maybe [I found] 1 or 2 articles 6 months ago. That [information] should be on [Y]ahoo[, G]oogle[, and] all over the place."
"For the record this was 100% my fault[, s]o negative comments can be kept to yourself[. I'm] sure [I] have said them to myself." "I know [I've] brought this upon myself[. I] blame myself 100%." "[I] don[']t want anyone else to go through what [I']ve experienced in the last week." "Please don[']t fall for this please[. I]t will mess you up bad[ly]." "[D]on[']t be stupid and fall for it like me."
"[I] used to watch and subscribe to bitcoin channels like 'the moon'[,] 'Sunny decree'[,] 'crypto zombie'[,] Chico crypto[,] and a couple others. [I l]oved watching the videos and learning but now [I've] unsubscribed for the time being[. It] kind of makes me sick thinking [about] how [I] screwed up[. I'm] sure it will get better but [it's a] tough pill to swallow now."
"I know people have been hacked for much more [bitcoin] so [I] do feel for you. [The c]razy thing is [that the] current [v]alue would be around 32k. But it[']s more about what the value will be in 4 years." "[I] was in the market for a [19]93 [C]obra[,] but that may have to wait now. I[']m still going to invest in [bitcoin,] but take my time when transfer[r]ing it[,] and no [I] will not use the corrupt [T]rezor[.]"
"I[']m working with [the] authorities and the exchange to see if there is any hope." "The detective assigned to my case hasn[']t been able to review it[. H]e was in training today. And [I] need the police report to send to the exchange to see if that leads me anywhere." "[I'm] not going to give [the detective's] name but he is pretty high up there[.]"
"Th[e th]ief used a [VPN] and b[o]ught monero with [the bitcoin]." "[The] police are worthless. They don[']t help at all. It sucks."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| October 28th, 2019 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $32,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Never enter or share the seed phrase for your hardware wallet anywhere other than on the hardware wallet itself.
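The link quoted in the victim's report, wallet.trezcr.com, differs from the brand name by one character. The following is an added example, not part of the original case study: a hostname check that flags such lookalikes in a list of URLs, for instance ad landing pages or proxy logs. The allowlist entry trezor.io is an assumption taken from the Trezor blog link in the references, and the function names and sample URLs other than the reported one are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains the brand really uses. "trezor.io" comes from
# the Trezor blog URL in this page's references; extend the set as needed.
OFFICIAL_DOMAINS = {"trezor.io"}
BRAND_LABELS = {d.split(".")[0] for d in OFFICIAL_DOMAINS}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Return the lowercased hostname, accepting URLs with or without a scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(url: str, max_distance: int = 1) -> str:
    """Classify by hostname only; a brand name in the path proves nothing."""
    host = host_of(url)
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    for label in host.split("."):
        for brand in BRAND_LABELS:
            # Brand embedded in an unofficial host, or a near-miss spelling.
            if brand in label or edit_distance(label, brand) <= max_distance:
                return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    """Return the URLs whose hostname imitates the brand."""
    return [u for u in urls if classify(u) == "lookalike"]


SAMPLE_URLS = [
    "https://wallet.trezcr.com/trezor-one.html",  # link from the victim's report
    "https://blog.trezor.io/",                    # official subdomain
    "https://trezor.io.login.example/start",      # constructed: brand as a subdomain
    "https://example.org/trezor",                 # constructed: brand only in the path
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):9}  {u}")
```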
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. Azzuro-x comments on Over $40k of CryptoCurrency Stolen (Aug 7, 2022)
2. mmafan666 comments on Over $40k of CryptoCurrency Stolen (Aug 7, 2022)
3. abruceky comments on Trezor One wallet hacked (Dec 27, 2022)
4. abruceky comments on Beware trezor owners. Got hacked this week (Dec 27, 2022)
5. Beware trezor owners. Got hacked this week : Bitcoin (Dec 27, 2022)
6. Phishing attacks used to steal your coins (recommended reading) | by SatoshiLabs | Trezor Blog (Dec 27, 2022)
7. Beware trezor owners. Got hacked this week : Bitcoin (Dec 27, 2022)
8. Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16, 2021)