Cryptocurrency hardware wallet provider Trezor has begun investigating a possible data breach that may have compromised users’ email addresses and other personal information.
Today, April 3rd, several users from the Crypto Twitter community warned about an ongoing email phishing campaign specifically targeting Trezor users via their registered email addresses.
Hey Trezor, are you aware of a phishing campaign? I just received this email with my actual email. It looked very legitimate. pic.twitter.com/GF0Od6llr2
— josearkaos ⚡️ (@josearkanos) April 3, 2022
In the ongoing attack, several Trezor users were contacted by unauthorized actors posing as the company with the ultimate intention of stealing funds by misleading unwary investors. As part of the attack, users received an email about downloading an app from the domain “trezor.us”, which is different from the official Trezor domain name “trezor.io”.
We’re investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A fraudulent data breach warning email is circulating. Do not open emails coming from firstname.lastname@example.org, it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
Trezor initially suspected that the compromised email addresses belonged to a list of users who had signed up for newsletters hosted by an American email marketing service provider, Mailchimp.
Impressive, @Trezor, this is the best phishing attempt I’ve seen in years. I’m really lucky I don’t have Trezor because if I did I would probably actually download this update. pic.twitter.com/DaBN2Oix11
— Tomas Kafka (@keff85) April 2, 2022
While Trezor is attempting to identify the cause of the situation with an official investigation, users are advised to refrain from clicking on links originating from unofficial sources until further notice.
Related: BlockFi confirms unauthorized access to customer data hosted on Hubspot
On March 19, New Jersey-based crypto financial institution BlockFi proactively acknowledged a data breach to warn investors about the possibility of phishing attacks.
Regarding the recent third-party data incident: pic.twitter.com/50z7IrQ1za
– BlockFi (@BlockFi) March 19, 2022
As Cointelegraph reported, hackers gained access to BlockFi customer data hosted on Hubspot, a customer relationship management platform. According to BlockFi:
“Hubspot has confirmed that an unauthorized third party has gained access to certain BlockFi customer data stored on their platform.”
While details of the breached data have yet to be identified and disclosed, BlockFi reassured users by noting that personally identifiable information — including passwords, government-issued ID, and social security numbers — “was never stored on Hubspot.”
https://cointelegraph.com/news/trezor-investigates-potential-data-breach-as-users-cite-phishing-attacks Trezor investigates potential data breaches as users cite phishing attacks