Sign In

Email Data Breach? Phishing Attacks Against Trezor

The hardware wallet manufacturer Trezor is investigating a wave of phishing emails warning users about a “data breach”.

 

MailChimp database compromised

Via Twitter, Trezor confirmed that there is an ongoing phishing attack against their users. Apparently, the malicious emails are being sent to addresses that have signed up for the Trezor newsletter, which is hosted on MailChimp.

According to Trezor, MailChimp has confirmed that there indeed was a data breach coming from “an insider targeting crypto companies”, adding:

We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.

Very sophisticated phishing attack

One user, who has received the phishing mail, points out how deceptively real it looks. Perfidiously, the mail correctly states that Trezor’s email database has been leaked, but attempts to trick readers into downloading a malicious update to the Trezor Suite desktop app. For this purpose, the attacker has even launched a spoofed website (trezor.us), whereas the genuine Trezor website is trezor.io.

 

So far, Trezor was able to take down the spoofed website, but still warns users not to open up any emails seemingly sent by them, until further notice. They will not be communicating by newsletter until the situation is resolved.

This article was originally published on

Share to Social Media