Hardware crypto wallet Trezor has announced that its users have suffered phishing attacks this weekend that may have compromised users’ registered email addresses with Trezor.
In a Twitter announcement on Sunday, April 3rd, the official channel of Trezor said that they were investigating a potential data breach caused by a phishing email campaign operated through MailChimp. The announcement reads:
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
“We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.”
Trezor Phishing Attack: MailChimp Confirms the Compromised Services
On Sunday, April 2nd, many Trezor wallet owners reported receiving phishing emails containing their email addresses registered with Trezor. An email shared by a Twitter user Josearkaos revealed that this phishing campaign warned Trezor users about a security incident on Trezor services and said that users’ crypto assets were at the risk of being stolen.
Hey trezor, are you aware of a phishing campaign going on? I just received this email with my actual email on it. It looked very legit. pic.twitter.com/GF0Od6llr2
— josearkaos ⚡️ (@josearkanos) April 3, 2022
To save their assets, the email asks users to download the latest version of the Trezor Suite through a phishing link and set up a new PIN. The link contains the domain “trezor.us”, which is different from the official Trezor domain name, “trezor.io.”
In subsequent updates, Trezor told that email marketing service MailChimp had confirmed that an insider was targeting crypto companies. The company wrote:
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
— Trezor (@Trezor) April 3, 2022
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”
In the latest update, Trezor announced that it had taken down the phishing domains, and asked users not to open any emails coming from Trezor until further notice. The announcement reads:
Domains trezor(.)us and suite(.)xn--trzor-o51b(.)com has been taken down.
— Trezor (@Trezor) April 3, 2022
“We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”
Trezor is yet to determine the full scope of this incident. However, some reports suggest that many Trezor wallet owners are reporting the complete loss of funds due to this attack. A tweet by Graham Cluley, a cybersecurity expert, reads:
I'm beginning to receive messages from cryptocurrency investors who say their Trezor wallets have been completely emptied after falling for the scam email sent around earlier today… 🙁https://t.co/RMXXNHt8ZN
— Graham Cluley is on Threads, Mastodon, BlueSky (@gcluley) April 3, 2022
“I’m beginning to receive messages from cryptocurrency investors who say their Trezor wallets have been completely emptied after falling for the scam email sent around earlier today.”
With the rise of cryptocurrencies and their related markets like NFTs and DeFi, security breaches and data attacks on crypto firms have seen a drastic rise in the last few months. As Crypto Economy reported, the famous NFT platform Bored Ape Yacht Club’s Discord server was hacked on April 1st. In another phishing attack on the Mutant Ape Kennel Club channel, the hacker was able to steal a valuable Mutant Ape Yacht Club (MAYC) NFT.