The phishing attack has targeted Trezor wallet users via their registered email addresses.
Users Report Phishing Attack
The news first broke when on Saturday, several Trezor wallet users started circulating screenshots of the attempted attack and warned the rest of the community and Team Trezor on Twitter. Some users reported that an email phishing campaign specifically targeted registered email addresses and other personal information, indicating a potential data breach that has compromised private user information. The users targeted were contacted by the hackers who posed as members of the Trezor team and faked a security breach at the company. These malicious actors would then try to convince the users to download an application from the “trezor.us” domain, which is different from the official “trezor.io” domain of the e-wallet. This was an attempt to induce users to download malicious code under the guise of Trezor’s Suite desktop app.
Data Breach On MailChimp
Following the user reports on Twitter, Trezor looked into the matter on Sunday and revealed that they were investigating a potential data breach of an opt-in newsletter hosted on MailChimp. The announcement also appealed to users, asking them to avoid opening emails from the email address “[email protected]”
Trezor’s following tweets revealed,
"MailChimp [has] confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”
Phishing Attacks On The Rise
A phishing attack is becoming the chosen vehicle of attack for cybercriminals. On March 19, DeFi organization BlockFi was exposed to one such phishing attack where hackers gained access to user data hosted on the client-relationship management platform, Hubspot. Although the team did not reveal any further news about the hack, BlockFi assured users that their personal data (passwords, ID information, SSN) were still safe as they were not stored on Hubspot.
Back in 2020, Monero’s ex-maintainer Riccardo “Fluffypony” Spagni had questioned the level of security on Trezor.
“Trezor, in particular, in its current form, is very prone to glitching attacks and so use a passphrase. It does make it more cumbersome, but at least the passphrase is not stored on the device, so it is almost like a second factor of authentication.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.