Trezor abruceky Google Search Phishing

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Trezor

Reddit user abruceky reports that they fell victim to a Google Adwords phishing website and gave up the seed phrase for their wallet which contained 3.43 bitcoins. The phishing website showed up as the top result on a Google search for "Trezor". Once the funds were taken, the thief converted them to Monero using a centralized exchange, with an account set up via a VPN-based connection. The user reports that the police were not helpful and it would appear that no funds were recovered.

This exchange or platform is based in United States, or the incident targeted people primarily in United States.

About Trezor

"I[']m 41 [and a] single dad raising 2 amazing preteen girls. [I j]ust started in [bitcoin] earlier this year[. I] had put about 4 years worth of saving into the bitcoins. My goal was to put around 3.5 [BTC] on the [T]rezor and just hodl it for as long as [I] could. Last week [I] bought 1.66 [BTC] and figured that would be my last buy for awhile since [I] was close to the 3.5 [BTC that I] wanted."

"[I] had plans for the money down the road[ to h]elp buy [my daughters] a car when they turn 16 and help with their college. I think thats what bitcoin is all about[ -] collecting these bitcoins and hoping that in the future they will help out your family [and] give them a better life. Most of us wouldn[']t sell our [bitcoin] anytime soon as we know in 3 or 4 years [it] could be amazing."

"[I] bought my last bit[coin] at [$]8250 and at one point [on F]riday [the price] hit $10500[. I] was feeling great not knowing [that M]onday would be the worst day of my life."

"[G]rowing up in the midwest [I] trust people more than [I] should[.]" "[I] was working from home and thought between work deals [I'd] transfer my 3.5 bitcoin from [C]oinbase into my [T]rezor. While plugging my [T]rezor in[,] it didn[']t go in super smooth but [I] got it in[,] which [I] thought was wierd. So [I] [G]oogle[d] 'trezor' and[ c]licked on the first link for [T]rezor." "On the [G]oogle [C]hrome search this site was right above the real official [T]rezor site."

"[A]fter it says continue to your wallet the 24 word recovery seed box pops up. The link is wallet.trezcr.com/trezor-one.html." "In the website it looked just like [the T]rezor site but it came up with a message that said '[T]rezor damaged. Input 24 word seed.' I know [I] know [I] know. I was thinking the same thing 'nope not gonna do it'." "[I] totally knew better[.]" But [I] was rushing and said well [maybe] due to me having plug in issues. So as [you] can guess [I] put it in for some crazy reason[. I] wasn[']t thinking." "My mind was on work[.]"

"Worst decision of my life. Come to find out this was a phishing link that steals [bitcoin]." "[Yo]u can guess it[ -] they got 1.29 and 2.14 [BTC] from me." "[A]round 3.5 bitcoin stolen from my [T]rezor this week."

"[H]ow can people do that to someone else[?]" "[H]ow in the heck could someone live with themselves knowing they are ruining peoples lives[? It's c]razy the world we live in." "I[']m in a position with my job [where I] could wreck people pretty bad[ly] financially[, b]ut no way in heck would that even cross my mind. Not only did they steal from me but what [upsets me most] was that they stole from my daughters[.]"

"[W]hy does [G]oogle let a phishing [advertisement] be above the real [T]rezor link when you [G]oogle 'trezor'[?]" "[T]hat[']s messed up[. They] shouldn[']t allow that site at all[. A]ll it does is harm people[.]" "[T]rezor should do more to alert the public about the phishing hack[. I]t was hard to find[. I] think maybe [I found] 1 or 2 articles 6 months ago. That [information] should be on [Y]ahoo[, G]oogle[, and] all over the place."

"For the record this was 100% my fault[, s]o negative comments can be kept to yourself[. I'm] sure [I] have said them to myself." "I know [I've] brought this upon myself[. I] blame myself 100%." "[I] don[']t want anyone else to go through what [I']ve experienced in the last week." "Please don[']t fall for this please[. I]t will mess you up bad[ly]." "[D]on[']t be stupid and fall for it like me."

"[I] used to watch and subscribe to bitcoin channels like 'the moon'[,] 'Sunny decree'[,] crypto zombie'[,] Chico crypto[,] and a couple others. [I l]oved watching the videos and learning but now [I've] unsubscribed for the time being[. It] kind of makes me sick thinking [about] how [I] screwed up[. I'm] sure it will get better but [it's a] tough pill to swallow now."

"I know people have been hacked for much more [bitcoin] so [I] do feel for you. [The c]razy thing is [that the] current walue would be around 32k. But it[']s more about what the value will be in 4 years." "[I] was in the market for a [19]93 [C]obra[,] but that may have to wait now. I[']m still going to invest in [bitcoin,] but take my time when transfering it[,] and no [I] will not use the corrupt [T]rezor[.]"

"I[']m working with [the] authorities and the exchange to see if there is any hope." "The detective assigned to my case hasn[']t been able to review it[. H]e was in training today. And [I] need the police report to send to the exchange to see if that leads me anywhere." "[I'm] not going to give [the detective's] name but he is pretty high up there[.]"

"Th[e th]ief used a [VPN] and b[o]ught monero with [the bitcoin]." "[The] police are worthless. They don[']t help at all. It sucks."

This exchange or platform is based in United States, or the incident targeted people primarily in United States.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

Known history of when and how the service was started.
What problems does the company or service claim to solve?
What marketing materials were used by the firm or business?
Audits performed, and excerpts that may have been included.
Business registration documents shown (fake or legitimate).
How were people recruited to participate?
Public warnings and announcements prior to the event.

Don't Include:

Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

When the service was actually started (if different than the "official story").
Who actually ran a service and their own personal history.
How the service was structured behind the scenes. (For example, there was no "trading bot".)
Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Trezor abruceky Google Search Phishing
Date	Event	Description
October 28th, 2019 12:00:00 PM	First Event	This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?