December 5, 2022

Numerous users on Twitter alarmed Trezor of an ongoing email phishing campaign specifically targeting Trezor users via their registered email addresses.

Source: CoinTelegraph

Cryptocurrency hardware wallet provider Trezor has begun investigating a possible data breach that may have compromised users’ email addresses and other personal information. 

In the ongoing attack, several Trezor users have been contacted by unauthorized actors posing as the company — with the ultimate intention to steal funds by misleading unwary investors. As part of the attack, users received an email about downloading an application from the “trezor.us” domain, which is different from the official Trezor domain name, “trezor.io.”

Trezor initially suspected that the compromised email addresses belong to a list of users who opted-in for newsletters, which was hosted on an American email marketing service provider Mailchimp. 

Through further investigation, Trezor announced:

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.”

While Trezor officially investigates to identify the total number of stolen email addresses, users are advised not to click on links coming from unofficial sources until further notice. 

On March 19, New Jersey-based crypto financial institution BlockFi proactively confirmed a data breach to warn investors about the possibility of phishing attacks.

As Cointelegraph reported, hackers gained access to BlockFi’s client data that was hosted on Hubspot, a client relationship management platform. According to BlockFi:

“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”