"Trezor Customers Phished After MailChimp Compromise"

Customers of a popular cryptocurrency hardware provider have been urged not to reply to any official-looking emails after a convincing phishing campaign was uncovered.  Trezor makes hardware devices that customers can use to store their digital currency, which is a more secure alternative to the online equivalent.  Over the weekend, several customers complained to the firm’s Twitter account after being sent a scam email claiming that a data breach had hit over 100,000 customers.  The email went on to say that a “malicious actor” managed to compromise Trezor Suite servers and therefore access their wallets.  The customers were then urged to download the latest version of the application to ‘protect’ their crypto assets.  In reality, doing so would enable the threat actors to steal the user’s recovery code used to recover wallets in the event a device is lost or stolen.  The email is sent from a convincing “trezor.us” domain, although the official one used by the Prague-headquartered company is “trezor.io.”  Trezor subsequently confirmed yesterday that the scammers had targeted one of its newsletters hosted on popular provider MailChimp to get the details of Trezor customers.  Trezor stated that they managed to take the phishing domain offline and are trying to determine how many email addresses have been affected.  MailChimp has also confirmed that their service has been compromised by an insider targeting crypto companies.   Trezor stated that they would not be communicating by newsletter until the situation was resolved.  They are urging customers not to open any emails appearing to come from Trezor until further notice.

Infosecurity reports: "Trezor Customers Phished After MailChimp Compromise"