Trezor Warns Users of Newsletter Phishing Attack

Crypto hardware wallet provider Trezor is investigating a possible data breach that has left some of its users vulnerable to phishing attacks, the company said on Twitter on 3 April.

According to the announcement, a malicious actor had contacted several Trezor users posing as the company, asking them to download an application from “trezor.us”, a domain different from the official trezor.io. The individual tried to lure users into downloading the malicious code by claiming that Trezor had experienced a security breach, and this was a fix. Trezor tweeted:

The company initially suspected that the breach came from compromised e-mail addresses that belong to users that signed-ip for a newsletter hosted on email marketing service provider Mailchimp. After further investigation, Mailchimp confirmed that their service had been compromised by an “insider targeting crypto companies”, and that the phishing domain had been taken down. It is still unknown how many e-mail addresses have been affected by this security breach.

Trezor further said it had taken down two more domains related to the phishing attempt, and that it will stop communicating by newsletters until the “situation is resolved”. It also reminded users to use “anonymous” e-mail addresses when engaging in any crypto-related activities.

Trezor is not the first crypto-related company to experience a data breach this year. Last month, crypto financial institution BlockFi confirmed a data breach incident on one of its third-party vendors, Hubspot. BlockFi assured users at the time that their personal data — including passwords, IDs, and social security numbers — were safe as they were “never stored on Hubspot”.