• Phishing Attack on Trezor; Users Warned Against Opening Emails

  • Trezor, a provider of hardware wallets, has acknowledged to consumers that it was the target of a recent phishing assault on Saturday.

    This arose when unscrupulous actors posing as the company sent out an email claiming that [Trezor] had a security breach that exposed some of its customers’ data. The email then instructed recipients to download the most recent version of Trezor Suite and change their pin.

    Because it was posted on Twitter, the email appeared to many users to be genuine. However, the company was able to clarify the situation, showing that the email did not originate with Trezor, but rather with unauthorized actors unaffiliated with the company.

    Trezor stated in a tweet that it is looking into “a probable data breach of an opt-in newsletter housed on MailChimp.” It stated that MailChimp acknowledged the attack targeted crypto companies and advised consumers to avoid opening any email from “noreply@trezor.us.”

    Given how genuine the email in the phishing attack appears, some consumers are likely to have fallen for the deception. One of the recipients of the email called it the “greatest phishing attempt” he’d seen in years.

    The phishing email included a download link with the URL trezor.us rather than trezor.io. As of press time, investigations into the scope of the attack were still ongoing, but Trezor had discontinued the newsletter pending additional information.

    The hardware wallet also stated that it has disabled specific domains that attackers could exploit and advised users not to open any emails from Trezor until further notice. It further requested that users exclusively utilize anonymous email addresses for crypto-related operations.

    However, few customers have opposed Trezor’s decision to use MailChimp for email services. Some have even compared it to Ledger, another hardware wallet that experienced a data leak that compromised its email list. There are, however, options for more secure email solutions.

    Data breaches are becoming more common in the industry.

    Trezor isn’t the only cryptocurrency startup that has recently had a data leak. BlockFi notified investors of a data breach and the likelihood of phishing attempts about two weeks ago. Hackers gained access to BlockFi clients’ data via Hubspot, resulting in the breach.

    Personal information such as passwords, government-issued IDs, and social security numbers were not compromised because they are not saved on Hubspot.

    Nonetheless, the ubiquity of these breaches highlights the need for crypto firms to implement a stronger security architecture and for consumers to exercise extra vigilance.

    What's your reaction?