Trezor Customers Phished After MailChimp Compromise

Written by

Customers of a popular cryptocurrency hardware provider have been urged not to reply to any official-looking emails after a convincing phishing campaign was uncovered.

Trezor makes hardware devices that customers can use to store their digital currency – a more secure alternative to the online equivalent.

However, over the weekend, several of them complained to the firm’s Twitter account after being sent a scam email claiming that a data breach had hit over 100,000 customers.

The email went on to say that a “malicious actor” managed to compromise Trezor Suite servers and therefore access their wallets.

They were urged to download the latest version of the application to ‘protect’ their crypto assets. In reality, doing so would enable the threat actors to steal the user’s recovery code used to recover wallets in the event a device is lost or stolen.

The email appears to be written in faultless English and sent from a convincing “” domain, although the official one used by the Prague-headquartered company is “”

Trezor subsequently confirmed yesterday that the scammers had targeted one of its newsletters hosted on popular provider MailChimp to get the details of Trezor customers.

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected,” it said in a Twitter update.

“We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”

Jake Moore, a global cybersecurity advisor at ESET, argued that scammers often target cryptocurrency investors looking for a big payday.

“Furthermore, if malicious actors can make off with the digital assets, they are likely to be able to do so without leaving any evidence in their wake, making this one of the most sought-after offenses by modern day cyber-criminals,” he added.

“We must all be vigilant to phishing attempts but even more so with any communications referring to cryptocurrencies, even if they purport to be from official lines.”

What’s hot on Infosecurity Magazine?