The cryptocurrency hardware wallet company, Trezor, has confirmed reports that some users were targeted by a phishing attack this weekend.
In a tweet on Sunday, a warning was issued by Trezor stating that the phishing campaign targeted Mailchimp’s newsletter database and that their service had been compromised. Trezor confirmed that a phishing campaign targeting Trezor wallet owners via their registered email accounts was reported by a number of users. Unauthorized actors acting as the company in the continuing campaign have approached several Trezor users with the intention of stealing money by tricking unsuspecting investors.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
— Trezor (@Trezor) April 3, 2022
Users received an email about downloading an app from the “trezor.us” domain and informed users to avoid opening emails from “noreply@trezor.us”. This is different from the official Trezor domain “trezor.io”. The phishing email (copy found below) appears to direct users to download a Trezor Suite lookalike app, that will prompt you to connect your Trezor wallet and enter your seed phrase. Your seed phrase is then compromised once entered and funds transferred to the attacker’s own wallet.
Copy Of Phishing Email | Image Credit: Trezor.io
Trezor has since announced that it had taken down the domains used in the phishing emails to prevent any more attacks and that as of the moment the company won’t be communicating with its customers via email until fully resolved. But this is by far not the first attack amongst crypto companies, as last March, BlockFi confirmed a data breach had occurred under Hubspot which gave unauthorized third-party access to certain client data. As well recently, the BAYC confirmed that their Discord servers were compromised and that hackers even managed to steal a valuable Mutante Ape Yacht Club NFT. As well, it is noted that Decentraland had fallen victim as well to the same phishing attack as user’s email addresses were acquired due to a MailChimp data breach.
We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. 2/— Trezor (@Trezor) April 3, 2022
Domains trezor(.)us and suite(.)xn--trzor-o51b(.)com has been taken down.
— Trezor (@Trezor) April 3, 2022
To read the full details on the phishing attack and how to handle it yourself if you have fallen victime to it, you may read Trezor’s full blog post here.
Source: Yugatech
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.
No comments:
Post a Comment