Reports confirm that Trezor, a cryptocurrency hardware wallet provider, has urgently started a thorough investigation into an alleged massive data breach that may have compromised users’ email addresses and other vital personal information.
On April 3, 2022, numerous users from the crypto Twitter community alarmed the hardware wallet provider on an ongoing email phishing campaign specifically targeting the hardware wallet users through their registered email addresses.
Hey trezor, are you aware of a phishing campaign going on? I just received this email with my actual email on it. It looked very legit. pic.twitter.com/GF0Od6llr2
— josearkaos ⚡️ (@josearkanos) April 3, 2022
Amid ongoing phishing attacks, Trezor users have confirmed receiving spam emails from alleged perpetrators. These criminals impersonated officials, intending to lure funds from unaware investors.
According to whistleblowers, the perpetrator sent an email redirecting application downloads to the “trezor.us” domain. This domain is slightly different from the official Trezor “trezor.io.”
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
Initially, Trezor suspected that the compromised email addresses and other personal information belonged to opted-in users hosted on an American email marketing service provider Mailchimp.
Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@tomaskafka) April 2, 2022
While responding to an alert response from the crypto community after a quick investigation, Trezor confirmed:
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.”
Trezor And BlockFi Investigate
The hardware wallet service provider has now officially launched a thorough investigation to identify the numbers of stolen email addresses. In the meantime, Trezor has advised all users to avoid links from unofficial sources until further notice.
Buy Crypto NowElsewhere, on March 19, New Jersey-based crypto financial institution BlockFi confirmed a similar data breach and warned investors about the possibility of phishing attacks.
Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
According to BlockFi, hackers exploited the vulnerability in client data hosted on Hubspot, a client relationship management platform:
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”
Although it has not summarized its comprehensive data breach report, BlockFi assured users that personal data, including passwords, government-issued Ids, and social security numbers, were not stored on Hubspot.
