Trezor Users Targeted in a MailChimp Exploit
Author: Chayanika Deka Last Updated Apr 4, 2022 @ 09:36
Trezor informed its users that a MailChimp “insider” is behind the latest phishing attack to steal funds stored in their wallets after compromising a mailing list.
Popular cryptocurrency wallet company, Trezor announced investigating the email phishing campaign that targeted its users this weekend.
The compromised mailing list was used to send fake notifications of data breaches and tried to steal funds from wallets.
Phishing Attack
It all started when several users took to Twitter to reveal about receiving emails to download an app from the “trezor.us” domain. However, the official Trezor domain name happens to be – “trezor.io.” The company later confirmed that the email addresses which were compromised belonged to those users who subscribed for newsletters hosted on Mailchimp, an email marketing service provider.
The face email read,
“We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your e-mail address [email here] is within those affected by the breach.”
It further asks users to download the latest Trezor Suite to set up a new seed phrase on their hardware wallet. The email also contains the “Download Latest Version” button, which directs users to a phishing site where, upon entering the seed, they will lose all the funds.
2 comments