This came after bad actors masquerading as the firm, sent out an email stating that [Trezor] experienced a security breach that exposed some customers’ data. The email then asked users to download the latest version of Trezor Suite and change their pin.
To many users, the email looked very real, as it was shared across Twitter. However, the firm was able to clarify the matter, revealing that the email never came from Trezor, but from unauthorized actors unaffiliated with the company.
In its tweet, Trezor said that it’s investigating “a potential data breach of an opt-in newsletter hosted on MailChimp.” It said it has confirmed from MailChimp that the breach targeted crypto companies and asked users to avoid opening any email from “[email protected].”
\Given how authentic the email in the phishing attack seems, it’s likely that some people have fallen for the scam. One of the users who received the email described it as the “best phishing attempt” he had seen in years.
The phishing email provided a download link with the domain name of trezor.us rather than the original trezor.io. As of press time, investigations are still ongoing to determine the extent of the attack, but Trezor has suspended its newsletter, pending further information.
The hardware wallet also confirmed that it has taken down certain domains which the attackers could exploit and said users shouldn’t open any email from Trezor until further notice. It also asked users to only use anonymous email addresses for their crypto-related activities.
Several users, however, have criticized Trezor’s decision to use MailChimp for its email services. Some even compared it to Ledger, another hardware wallet that suffered from a data breach that compromised its mailing list. But there are also suggestions for more secure alternatives for mailing.
Data breaches are rising in the sector
Trezor isn’t the only crypto company that suffered a data breach in recent times. About two weeks ago, BlockFi informed investors of a data breach and the possibility of phishing attacks. The breach resulted from hackers gaining access to the data of BlockFi clients through Hubspot.
Then, the firm confirmed that personal information such as passwords, government-issued IDs, and social security numbers wasn’t affected because they’re not stored on Hubspot.
Nevertheless, the prevalence of these breaches shows the need for a stronger security framework by crypto companies and extra caution on the part of users.
What do you think about this subject? Write to us and tell us!