The Right Place to Buy, Earn, Exchange and Borrow against Your Crypto.

Get Started
Hackers target Trezor crypto wallet users after mailing list got compromised Hackers target Trezor crypto wallet users after mailing list got compromised

Hackers target Trezor crypto wallet users after mailing list got compromised

A malicious actor used social engineering to access an internal tool used by newsletter delivery service Mailchimp.

Hackers target Trezor crypto wallet users after mailing list got compromised

Cover art/illustration via CryptoSlate

Hardware cryptocurrency wallet manufacturer Trezor has divulged that its customers are being targeted by so-called โ€œphishingโ€ attacks after Mailchimp, the firmโ€™s email automation service provider, was โ€œcompromised by an insider targeting crypto companies.โ€

โ€œWe are currently investigating how many customers might have been affected following an insider compromise of a newsletter database hosted on Mailchimp,โ€ Trezor wrote in a blog post today, adding:

โ€œThe Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration. The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.โ€

Keep your app close, keep your seed phrase closer

Further, the attacker is specifically targeting crypto-related companies, Trezor noted. As a result, its wallet users began receiving phishing emails on Sunday, April 3, asking them to click a link that leads to the download page for a โ€œTrezor Suite lookalike app.โ€

A copy of the phishing email. Image: Trezor
A copy of the phishing email. Image: Trezor

If an unsuspecting user falls into this trap, the malicious app then asks for their seed phraseโ€”basically the private key that gives the perpetrators full access to their crypto holdings. Once entered, the seed gets compromised and usersโ€™ funds are immediately transferred to the attackersโ€™ wallet.

โ€œThis attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.โ€

Luckily, since potential victims have to actually install the malware on their devices (although there is also a web version), contemporary operating systems should alarm them about its unknown source. โ€œThis warning should not be ignored, all official software is digitally signed by SatoshiLabs,โ€ Trezor pointed out.

Stay vigilant

According to Trezor, the firm has already shut down the phishing domain. However, if some users have entered their seed phrases after all, they should immediately move their crypto to a newly generated address (unless itโ€™s already too late, of course).

โ€œIf you have not received such an email, there is still a chance your email address has been leaked, so it is best to remain vigilant in case a new wave of emails appear. Compromised email addresses may be targeted again in future so please report any new phishing attempts directly to [email protected]โ€

Until this issue is resolved, the wallet manufacturer has ceased any newsletter activity. Additionally, users should โ€œnot open any emails appearing to come from Trezor until further noticeโ€ and make sure they are using anonymous email addresses for โ€œBitcoin-related activity,โ€ the firm urged.

Posted In: Hacks, Scams, Wallets

Connect your wallet, trade with Orion Swap Widget.

Directly from this Widget: the top CEXs + DEXs aggregated through Orion. No account, global access.