Trezor Warns Users of Newsletter Phishing Attack

  • Trezor users reported on Saturday they had received phishing e-mails from individuals that tried to lure them into downloading malicious code.
  • On Sunday Trezor confirmed that Mailchimp had its services compromised by an “insider targeting crypto companies”, and that the phishing domain had been taken down.


Crypto hardware wallet provider Trezor is investigating a possible data breach that has left some of its users vulnerable to phishing attacks, the company said on Twitter on 3 April.

According to the announcement, a malicious actor had contacted several Trezor users posing as the company, asking them to download an application from “”, a domain different from the official The individual tried to lure users into downloading the malicious code by claiming that Trezor had experienced a security breach, and this was a fix. Trezor tweeted:

The company initially suspected that the breach came from compromised e-mail addresses that belong to users that signed-ip for a newsletter hosted on email marketing service provider Mailchimp. After further investigation, Mailchimp confirmed that their service had been compromised by an “insider targeting crypto companies”, and that the phishing domain had been taken down. It is still unknown how many e-mail addresses have been affected by this security breach.

Trezor further said it had taken down two more domains related to the phishing attempt, and that it will stop communicating by newsletters until the “situation is resolved”. It also reminded users to use “anonymous” e-mail addresses when engaging in any crypto-related activities.

Trezor is not the first crypto-related company to experience a data breach this year. Last month, crypto financial institution BlockFi confirmed a data breach incident on one of its third-party vendors, Hubspot. BlockFi assured users at the time that their personal data — including passwords, IDs, and social security numbers — were safe as they were “never stored on Hubspot”.

Related Coverage
Bored Ape Yacht Club Discord Channel Compromised
  • Bored Ape Yacht Club, Doodles, Shamanzs, and Nyoki Discord channels have all been compromised by a hacker, who attempted to use phishing links to steal NFTs.
  • Security researchers have noted that the attacker most likely used a Discord ticket tool to gain access to the NFT-focused channels.
April 1, 2022, 11:58 AM


OpenSea Phishing Attack Affected 17 Users
  • The incident, which affected 17 users on OpenSea, is considered to be a phishing attack as all malicious orders had a valid signatures from the affected users.
  • The CTO of OpenSea also explained the attack had nothing to do with OpenSea’s smart contract upgrade, which began on Friday, as the orders were signed before the migration.