Popular cryptocurrency wallet company Trezor has announced that it is investigating the email phishing campaign that targeted its users this weekend.
The compromised mailing list was used to send fake data breach notifications and tried to steal funds from wallets.
It all started when several users took to Twitter to to reveal about receiving emails to download an application from the “trezor.us” domain. However, the official domain name for Trezor is “trezor.io”. The company later confirmed that the compromised email addresses belonged to those users who subscribed to newsletters hosted by Mailchimp, an email marketing service provider.
The face email said,
“We regret to inform you that Trezor experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your email address [email here] is among those affected by the breach.
Additionally, it prompts users to download the latest Trezor Suite to set up a new seed phrase on their hardware wallet. The email also contains a “Download Latest Version” button, which directs users to a phishing site where, by entering the seed, they will lose all funds.
Reports also suggest that the scammers behind the attack also downloaded the original Trezor Suite source code (since it is open source) and created their own fake app modified to look identical to the legitimate one. The fake suite ironically also had a banner at the top of the screen warning users about phishing attacks.
in a statementTrezor revealed that a MailChimp “infiltrator” had carried out the phishing attack by sending malicious links to users.
“MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”
The crypto wallet company also stated that it will not be communicating via newsletter until the situation is resolved and urged its users not to open any emails that appear to come from Trezor until further notice. So far, it also reported that the phishing domains trezor(.)us and suite(.)xn--trzor-o51b(.)com have been removed.
The latest development comes just two weeks after crypto lending platform BlockFi, along with Circle, Pantera Capital, NYDIG, suffered a data breach via a third-party provider – HubSpot. The scammer targeted individuals in the cryptocurrency industry.
SPECIAL OFFER (Sponsored)
Binance Free $100 (Exclusive) – Use this link to sign up to receive $100 free and 10% off Binance Futures first month fees (terms).
PrimeXBT Special Offer: Use this link to register and enter the code POTATO50 to receive up to $7,000 on your deposits.
This post Trezor users targeted in MailChimp exploit
was published first on https://cryptopotato.com/trezor-users-targeted-in-a-mailchimp-exploit/