- The data breach may have compromised users’ email addresses and other personal information.
- Users warned of an ongoing email phishing campaign targeting Trezor users via their registered email addresses.
Trezor is a cryptocurrency hardware wallet provider. It has begun an investigation into a possible data breach. The data breach may have compromised users’ email addresses and other personal information. Today several Crypto Twitter users warned of an ongoing email phishing campaign targeting Trezor users via their registered email addresses.
Soon after that Trezor Tweeted and informed their community that “We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp. A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.”
They further informed that MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. Trezor has managed to take the phishing domain offline. They are trying to determine how many email addresses have been affected.
Trezor said they will not be communicating by newsletter until the situation is resolved. Hence they have requested their community to not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.
Several Trezor users have been approached by unauthorised actors posing as the company in the attack, with the ultimate goal of stealing money by deceiving unwary investors. As part of the attack, users received an email instructing them to download an app from the ‘trezor.us’ domain, which differs from the official Trezor domain name, ‘trezor.io.’