- Trezor users were targeted by a phishing campaign over the weekend
- Trezor has said that the attack was caused by a Mailchimp insider
- Trezor has urged users not to open any emails that appear to be sent by Trezor until further notice
Trezor has issued a statement to its users regarding the latest phishing attack targeting user funds. The crypto wallet company has said that the phishing attack was caused by a MailChimp “insider.”
Trezor phishing attack
Trezor has said that the phishing attack was intended to steal the funds stored in user wallets. The company has been investigating the phishing campaign that happened over the weekend.
The attacker used a compromised mailing list to send fake notifications to users regarding a possible data breach. The phishing campaign came to light on Twitter after some users said they had received emails asking them to download an app from the “trezor.us” domain.
The domain used by the attacker was a red flag, given that the official domain for the Trezor cryptocurrency wallet is “trezor.io.” The wallet provider later released a statement confirming the phishing campaign. The attacker was using a compromised email list of users who had subscribed to the newsletter, which is delivered through the MailChimp email marketing service.
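An added example, not from the article or from Trezor: a mail-filter style check that parses each link's hostname and compares it with the official domain trezor.io named above, which marks trezor.us as a lookalike. It goes beyond the article's single case by also flagging brand-in-subdomain hosts and punycode labels; the sample email text, the URL paths and every host other than trezor.io and trezor.us are constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"trezor.io"}  # official domain named in the article
BRAND = "trezor"                  # brand string a lookalike host would reuse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def classify_host(host):
    """Classify a hostname relative to the official domain."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Exact match or a true subdomain of an official domain.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Internationalized labels can render as near-identical brand names.
    if any(label.startswith("xn--") for label in labels):
        return "punycode"
    # Brand name present, but the host is not under the official domain.
    if any(BRAND in label for label in labels):
        return "lookalike"
    return "unrelated"


def audit_email(body):
    """Return (hostname, verdict) for every http(s) link in an email body."""
    findings = []
    for url in URL_RE.findall(body):
        # Parse the URL instead of substring-matching the raw text, so
        # "trezor.io" appearing as a prefix of another host is not trusted.
        host = urlsplit(url).hostname or ""
        findings.append((host, classify_host(host)))
    return findings


# Constructed sample email (only trezor.us and trezor.io come from the article).
SAMPLE_EMAIL = """\
We regret to inform you that Trezor has experienced a security incident.
Download the latest Trezor Suite: https://trezor.us/download
Mirror: https://suite.xn--constructed-label.example/
Support: https://trezor.io/support
Verify: https://trezor.io.account-check.example/login
"""

if __name__ == "__main__":
    for host, verdict in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {host}")
```
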
The email from the attacker read, “We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your email address is within those affected by the breach.”
The email further instructs the recipient to download the latest version of Trezor Suite to create a new seed phrase that they will use on their hardware wallet. The attacker also included a download link that takes the user to a phishing website. If a user enters their seed phrase there, all the funds in their wallet will be stolen.
Other reports have also said that the attackers downloaded the original source code of Trezor Suite. Just like many blockchain programs, this code is open source. They later used the code to create a fake application similar to the original app used by Trezor.
To make the fake application look authentic, the attacker displayed a message at the top of the screen alerting users about phishing attacks.
Trezor attributes attack to MailChimp insider
Trezor has said that the phishing attack was caused by a MailChimp insider who distributed malicious links to users. Because of this, Trezor has said that it will halt all newsletter communications until the situation has been resolved. It has also urged its users to refrain from opening any emails that appear to come from Trezor.
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected,” Trezor announced. Trezor has already taken down malicious domains, including Trezor.us and Suite.xn.
This is not the first such breach to happen recently. Two weeks earlier, various crypto-based companies such as Circle, NYDIG, BlockFi and Pantera Capital were affected by a data breach carried out through HubSpot.