A crypto hardware wallet provider firm Trezor has begun investigating a possible data breach after numerous users on Twitter complained about an ongoing phishing attack.
Users also alarmed the firm that they received a misleading email asking to download an application from the “trezor.us” domain. Note that, “trezor.us” is a phishing domain unrelated to the official Trezor domain name, “trezor.io”.
The phishing campaign has specifically targeted Trezor users via their registered email addresses. Consequently, Trezor users have been contacted by unauthorized actors posing as the company – with the ultimate intention to steal funds from unwary investors.
This clearly indicates that users’ email addresses and other personal informations have been compromised in this scamming attempt. Trezor suspected that the compromised email addresses belong to those users who opted-in for newsletters. These newsletters were hosted on an American email marketing service provider Mailchimp.
Trezor also informed that MailChimp’s service has been compromised by an insider targeting crypto companies. Moreover, users are suggested not to click on links coming from unofficial sources until further notice.
Currently, Trezor is investigating to identify the total number of stolen email addresses.
Users also said that the scam email with actual email addresses of them seemed authentic and they almost have fallen into a trap. Last month, another leading crypto service provider BlockFi fell prey to a data breach. An unauthorized third party had gained access to some of its customer data on Hubspot.
Fortunately, BlockFi later assured that personal data including passwords, govt., IDs etc, were not stored on Hubspot. Though the cryptocurrency has a lot of potential in becoming mainstream, the flip side is – that it’s prone to data breaches.