Security Breach: MailChimp Insider Launched Phishing Attack on Trezor Users
Welcome back to the Tribe! In this post we dive into the Phishing Attack on Trezor users!
Nothing should be considered investment or financial advice. Enjoy the ride!
Phishing Attack on Trezor
Trezor cryptocurrency wallet users fell victim to a phishing scam delivered through the popular mass-mailing and newsletter service MailChimp. The attacker used a cloned Trezor Suite to lure users into creating a new seed phrase for their wallets.
Reports claim the attacker is a MailChimp insider but no confirmation has been provided thus far. The news comes a few weeks after a few digital asset companies supposedly experienced a data breach from a third-party service.
Trezor Users Targeted in Phishing Campaign
According to a statement released on Sunday (March 3, 2022) by the official Trezor Twitter account, a phishing attack was launched against the company’s users via an email service called MailChimp. The campaign attempted to obtain seed phrases and private keys to digital wallets belonging to Trezor Suite users.
Founded in 2013 by Marek Palatinus, the Prague-based blockchain startup provides cryptocurrency hardware wallet facilities to customers. The company also provides an online suite for users to manage wallet details such as seed phrases and private keys.
Some crypto holders opt for hardware wallets due to their supposedly optimized security protocols. They’re usually deployed by investors with large crypto assets. However, they can also hold smaller amounts.
Unlike software wallets and browser plugins like MetaMask, Phantom, and Solflare, hardware wallets cannot be accessed remotely. Also, the general industry sentiment maintains that they offer the best method to protect your private keys.
Major hardware wallets include Ledger, Trezor, and SecureX, to name a few.
Trezor representatives claim the firm first noticed the phishing attempt over the weekend. A number of users posted complaints and screenshots of a fake, yet convincing email. One user ‘josearkanos’ said the email seemed “very legit”.
Another user ‘keff85’ described the email campaign as the best phishing attempt they had seen in a long time.
The scam mail claimed that Trezor had suffered a data leak and asked users to download an updated version of the Suite tool to create a new seed phrase. However, the link in the email redirected users to a clone app under the domain name “trezor.us”. The phishing mail reads:
“We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your e-mail address [email here] is within those affected by the breach.”
Trezor’s official website is registered as “trezor.io”. Following the multitude of reports, the wallet developer released a statement saying:
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”
The startup also stressed that all communication via newsletter has been halted until further notice. Also, Trezor advised all wallet users to leverage an anonymous email account for all bitcoin-related activity.
As of the time of writing this report, it remains unclear whether any users lost access to their assets or wallets.
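The lookalike domain described above (trezor.us against the official trezor.io) is a mismatch that a mail filter can check mechanically. The following is an added example, not code from Trezor or MailChimp: it extracts links from an email body and classifies each host against the official domain. The sample email, its subdomains and paths, the function names and the simple last-two-labels domain rule are assumptions made for illustration, and the `brand-in-host` case goes beyond the TLD swap the article reports.

```python
import re
from urllib.parse import urlsplit

# Official domain as stated in the article; used here as the allowlist.
OFFICIAL_DOMAINS = {"trezor.io"}
BRANDS = {d.split(".")[0] for d in OFFICIAL_DOMAINS}  # {"trezor"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def registrable(host):
    """Last two labels of the host. Assumption: no multi-part public
    suffixes (co.uk etc.); a production filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url):
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    if domain.split(".")[0] in BRANDS:
        return "lookalike-tld"   # brand label kept, TLD swapped (trezor.us)
    if any(b in label for b in BRANDS for label in host.split(".")):
        return "brand-in-host"   # brand name buried in someone else's domain
    return "unrelated"

def scan_email(body):
    """Return (url, verdict) for every http(s) link found in the body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(body)]

# Constructed sample email; only trezor.us and trezor.io come from the article.
SAMPLE_EMAIL = """\
We regret to inform you that Trezor has experienced a security incident.
Download the latest Trezor Suite: https://suite.trezor.us/download
Official site: https://trezor.io/trezor-suite
Help desk: https://trezor.io.support.example.net/reset
Unsubscribe: https://mail.example.com/u/123
"""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        flag = "!!" if verdict in ("lookalike-tld", "brand-in-host") else "  "
        print(f"{flag} {verdict:14} {url}")
```
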
Other News – Indian Cryptopreneurs
Coinbase Ventures is set to conduct an in-person pitching event for Indian cryptopreneurs to help boost the country’s growing crypto and Web3 industry.
Phishing Attack on Trezor News
Thanks for reading our post on the phishing attack on Trezor users.