The Trezor hardware wallet team reported a leak of customer personal data that occurred on the sideMailChimp platform, through which the company conducts marketing mailings. The attackers used user information in a phishing attack.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. one/
— Trezor (@Trezor) April 3, 2022
“MailChimp has confirmed that their service has been hackedan insider targeting cryptocurrency companies. We managed to disable the phishing domain. We are trying to determine how many email addresses were affected,” the statement said.
Trezor has stopped marketing mailings until the situation is "resolved". Users were advised not to open emails supposedly sent on behalf of the company.
What data was compromised?unknown. The phishing mailing was carried out from a third-party domain trezor.us (the official domain is trezor.io). Users were asked to download the "latest" version of the Trezor Suit wallet management app.
</p>Wow, @Trezor, this is the best phishing attempt Ihave seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) April 2, 2022
Read this:
Hackers reveal personal data of 272 thousand users of the Ledger wallet
Sberbank customer data again leaked to the network
Fake Trezor app deprived users of $ 1.6 million in cryptocurrency
Kraken experts managed to extract a seed phrase from Trezor Bitcoin wallet in 15 minutes
Hackers sell personal data to over 200,000 cryptocurrency holders
Apple users' cryptocurrency and personal data are under threat