Yesterday, April 2, an email began to circulate that seeks to deceive users of Trezor, one of the most popular hardware wallets for bitcoin (BTC) and other cryptocurrencies.
The incident was made public on social media. Twitterwhere different users raised their voices to the manufacturing company trying to verify if it was a legitimate statement. Trezor confirmed in the same way that it was a scam attempt type phishing and started working on solving the problem.
The reported email reports on an alleged “security incident” that would have affected more than 100,000 users of the Bitcoin wallet. To be safe from the possible consequences of the incident, users are encouraged to download an application from a website other than shop.trezor.io, which is the official page of Trezor.
Later, Trezor explained that it was a data breach for which MailChimp was responsible and that involved the subscribers of his newsletter. The company in question provides services for sending emails on behalf of various websites and is used especially for newsletters or communications that are sent en masse to subscribers.
MailChimp has confirmed that its service has been compromised by an employee who was targeting crypto-related companies.
We have managed to make the domain (website) of the phishing be knocked down. We are trying to determine how many email addresses have been affected.
Trezor, a manufacturer of Bitcoin hardware wallets.
According to information provided by the manufacturer of the well-known Bitcoin wallet, the malicious email was sent by a MailChimp employee and targeted companies related to cryptocurrencies. This statement leaves open the possibility that Trezor users are not the only ones affected by this type of fraudulent campaign. For this reason, users of any type of service related to cryptocurrencies (wallets, exchanges, informative websites, etc.) should be a little more attentive than usual to what they receive in their mailbox these days.
Bitcoin wallet users are suspicious of the email received
Fortunately, so far, no incident-related losses have been reported by Trezor users. This is due, in part, to how careful many of the recipients of the email have been; who preferred to apply the bitcoiner principle of “do not trust, verify” and went to the company directly to confirm the veracity of the email.
Despite the suspicion of some people, others were saved from falling only because they do not have a wallet of this brand, as is the case with Thomas Kafka. The Twitter user admitted that if he had a Trezor wallet, he would surely have downloaded the malicious app.
The fact that non-Trezor wallet owners have also been contacted confirms that the data breach did not originate from any list of customers or users of the product.
A similar case with another Bitcoin wallet
In July 2020, an event similar to the incident with Trezor occurred. On that occasion, as reported by CriptoNoticias, those affected were the users of Ledger, another well-known Bitcoin wallet.
The Ledger case was much more delicate, as not only the email addresses, but also the phone numbers and home addresses of more than a million users of these wallets were leaked. This is because the attack was made directly to Ledger’s database, which kept all these details about Ledger’s clientele. Victims have since been exposed to face-to-face and cyber attacks.