Customers of Trezor, a popular cryptocurrency hardware provider, are being warned about a convincing phishing campaign that has recently come to light. Trezor is known for making hardware devices that allow users to securely store their digital currency offline.
Several customers took to Twitter over the weekend to report receiving a scam email that claimed a data breach had affected over 100,000 Trezor customers. The email, which appeared to be written in flawless English and sent from a domain similar to Trezor’s official website, warned users that a malicious actor had compromised Trezor Suite servers and gained access to their wallets. Users were instructed to download the latest version of the application to protect their crypto assets. However, in reality, doing so would have exposed their recovery code, allowing the threat actors to steal their digital assets.
Trezor has since confirmed that the scammers targeted one of its newsletters hosted on MailChimp to obtain customer details. The company revealed on Twitter that MailChimp had been compromised by an insider targeting crypto companies, and they had successfully taken the phishing domain offline. Trezor is currently working to determine the extent of the breach and advised customers not to open any emails appearing to come from Trezor until further notice.
Jake Moore, a cybersecurity advisor at ESET, emphasized the importance of staying vigilant against phishing attempts, especially when it comes to cryptocurrency-related communications. Scammers often target cryptocurrency investors in search of a big payday, and the nature of digital assets makes it easier for them to operate without leaving a trace.
As the investigation into the phishing campaign continues, Trezor has temporarily suspended newsletter communications and urged customers to use anonymous email addresses for any bitcoin-related activity. It is crucial for users to exercise caution and verify the authenticity of any communication, even if it appears to be from official sources. With cybercriminals constantly evolving their tactics, staying informed and proactive is essential in safeguarding one’s digital assets.