Trezor, a provider of cryptocurrency hardware wallets, has begun investigating a possible data breach that could have affected users’ email addresses and other personal information.
Earlier today, on April 3, several users of the Crypto Twitter community warned of an ongoing email phishing campaign targeting Trezor users through their registered email addresses.
Hey trezor, are you aware of a phishing campaign? I just received this email with my real email on it. It looked very legit. pic.twitter.com/GF0Od6llr2
— josearkaos ⚡️ (@josearkanos) Apr 3, 2022
In the ongoing attack, several Trezor users have been approached by unauthorized actors posing as the company – with the ultimate intent to steal money by deceiving unwary investors. As part of the attack, users received an email about downloading an app from the ‘trezor.us’ domain, which is different from the official Trezor domain name, ‘trezor.io’.
We are investigating a possible data breach of an opt-in newsletter hosted on MailChimp.
A scam email is circulating warning of a data breach. Do not open an email from noreply@trezor.us, it is a phishing domain.
— Trezor (@Trezor) Apr 3, 2022
Trezor initially suspected that the compromised email addresses belonged to a list of users who signed up for newsletters, which was hosted on a US email marketing service provider Mailchimp.
Wow, @Trezor, this is the best phishing attempt I’ve seen in recent years. I’m really lucky I don’t have Trezor because if I had it I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) Apr 2, 2022
Although Trezor is trying to determine the cause of the situation with an official investigation, users are advised not to click on links from unofficial sources until further notice.
Related: BlockFi Confirms Unauthorized Access to Customer Data Hosted on Hubspot
On March 19, New Jersey-based crypto-financial institution BlockFi proactively confirmed a data breach to alert investors to the possibility of phishing attacks.
With regard to a recent third-party data incident: pic.twitter.com/50z7IrQ1za
— BlockFi (@BlockFi) March 19, 2022
As Coin-Crypto reported, hackers gained access to BlockFi’s customer data hosted on Hubspot, a customer relationship management platform. According to BlockFi:
“Hubspot has confirmed that an unauthorized third party has gained access to certain BlockFi client data residing on their platform.”
While details of the breached data have yet to be identified and disclosed, BlockFi reassured users by emphasizing that personal data — including passwords, government-issued IDs, and Social Security numbers — “is never stored on Hubspot.”