Cryptocurrency hardware wallet provider Trezor has begun investigating a potential data breach that may have compromised users’ email addresses and other personal information.
early today, On April 3, several users in the crypto-Twitter community warned of an ongoing email phishing campaign specifically targeting Trezor users via their registered email addresses.
Hey trezor, are you aware of a phishing campaign going on? I just received this email with my actual email on it. It looked very legit. pic.twitter.com/GF0Od6llr2
— josearkaos ⚡️ (@josearkanos) April 3, 2022
Hello trezor, are you aware of a phishing campaign? I just received this email with my real email. It seemed very legit.
In the ongoing attack, several Trezor users have been contacted by unauthorized actors posing as the company, with the ultimate intention of stealing funds by tricking unsuspecting investors. As part of the attack, users received an email about downloading an app from the domain ‘trezor.us’, which is different from Trezor’s official domain name ‘trezor.io’.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from firstname.lastname@example.org, it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
We are investigating a possible data breach of a newsletter subscription hosted by MailChimp.
An email scam is circulating that warns of a data breach. Do not open any email originating from email@example.com, it is a phishing domain.
Trezor initially suspected that the compromised email addresses belonged to a list of users who opted in to receive newsletters, which was hosted by a US email marketing service provider, Mailchimp.
wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomas Kafka (@keff85) April 2, 2022
- Wow @Trezor, this is the best phishing attempt I’ve seen in years. I’m really lucky I don’t have Trezor, because if I did, I’d probably download that update.
Through further investigation, Trezor announced:
“MailChimp has confirmed that its service has been compromised by an insider targeting crypto businesses.”
While Trezor is officially investigating to identify the full number of stolen email addresses, users are advised not to click on links from unofficial sources until further notice.
On March 19, New Jersey-based crypto-financial institution BlockFi proactively confirmed a data breach to warn investors about the possibility of phishing attacks.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
As Cointelegraph reported, the hackers gained access to BlockFi customer data that was hosted on Hubspot, a customer relationship management platform. According to BlockFi:
“Hubspot has confirmed that an unauthorized third party gained access to certain BlockFi customer data hosted on its platform.”
While the details of the breached data have yet to be identified or disclosed, BlockFi reassured users by highlighting that personal data, including passwords, government-issued IDs, and social security numbers, “was never stored in Hubspot.”
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.