Trezor, a popular crypto hardware wallet, is likely suffering from a security breach as thousands of its users were targeted in a phishing attack.
In a Tweet posted Sunday, the Prague-based company reported that it is investigating a “potential data breach of an opt-in newsletter hosted on MailChimp.” It has also warned users to not open any emails from noreply@trezor.us, which was the email ID used by scammers to lure Trezor users into opening malicious links.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
MailChimp is a popular B2B email marketing service that businesses use to manage mailing lists and create email marketing campaigns for their customers. It was reported, and later confirmed by Trezor, that an insider at the company was involved in sending these malicious links to the registered email addresses of wallet users. Trezor wrote in a Tweet:
“We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
— Trezor (@Trezor) April 3, 2022
Ironically, the fraudulent mail sent to Trezor users reported a fake security breach, stating that “one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.” The mail then asked recipients to download “the latest version of Trezor Suite,” which took the user to a website that looked strikingly similar to Trezor's.
The fake website used a domain name containing Punycode characters to make it look legitimate. One distinguishing detail was that the sham website used the “trezor.us” domain, which is different from the original “trezor.io.”
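A defender-side check for the lookalike-domain trick described above, as an added example that is not from the article or from Trezor: it decodes Punycode labels and compares a link or sender domain against the official trezor.io. The function names, the brand string and the sample IDN host are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL = "trezor.io"  # legitimate domain named in the article
BRAND = "trezor"        # assumption: brand string worth flagging elsewhere

# Constructed sample host: "trezor" with U+1EB9 (e with dot below), encoded
# to its xn-- form here so no hand-typed Punycode is needed.
SAMPLE_IDN_HOST = ("suite.xn--"
                   + "tr\u1eb9zor".encode("punycode").decode("ascii")
                   + ".example")

def decode_label(label):
    """Turn an xn-- label back into the Unicode text a user would see."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label

def skeleton(text):
    """Strip diacritics so accented letters compare equal to plain ones.
    Does not map cross-script homoglyphs (e.g. Cyrillic letters)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify_host(host):
    host = host.lower().rstrip(".")
    # Exact match or a true subdomain only; "eviltrezor.io" must not pass.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    decoded = [decode_label(label) for label in host.split(".")]
    has_idn = any(not d.isascii() for d in decoded)
    brand_like = any(BRAND in skeleton(d) for d in decoded)
    if brand_like:
        return "idn-lookalike" if has_idn else "brand-on-other-domain"
    return "idn" if has_idn else "unrelated"

def classify_url(url):
    return classify_host(urlsplit(url).hostname or "")

def classify_sender(address):
    return classify_host(address.rsplit("@", 1)[-1])

if __name__ == "__main__":
    for item in ("https://trezor.io/", "https://" + SAMPLE_IDN_HOST + "/"):
        print(item, "->", classify_url(item))
    print("noreply@trezor.us ->", classify_sender("noreply@trezor.us"))
```

A mail gateway or browser extension could apply the same classification to every link and sender domain in a message and hold anything that is not "official" or "unrelated" for review.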
@Trezor Just got an email from “noreply@trezor.us” targeting TrezorSuite users. If you got similar, DO NOT ACT upon it. pic.twitter.com/4cldJ46o3N
— pbnather (@pbnather) April 3, 2022
A similar incident occurred last week, when crypto lending platform BlockFi suffered a client data breach after Hubspot, one of its marketing and sales merchants, was hacked.
Trezor suffers from potential data breach as users report phishing scam Our Bitcoin News.