Phishing hits Trezor via Mailchimp leak

Trezor hardware wallet owners were targeted by an elaborate scam that started with a social engineering attack on Mailchimp, an email marketing company Trezor worked with.

Sources at Mailchimp confirmed they have fallen prey to a social engineering attack perpetrated by an “insider targeting crypto companies”. The attacker gained access to Trezor’s email database. At the time of writing, Trezor could not confirm how many email addresses were stolen.

The perpetrator then created a fake phishing domain trezor.us and sent out emails warning against a “security incident”. The email recommended that those who had recently used Trezor Suite download an update and enter their seed. Following those instructions would enable the attacker to seize all assets linked to the wallet.

Source: Trezor blog

As soon as reports of the attack reached Trezor, the company took steps to take the phishing domain offline, adding that they wouldn’t be sending out any newsletters until the issue is fully resolved. They warned users not to open any emails appearing to be from Trezor until further notice.

Trezor stressed that their wallets were as secure as ever, but the fact that the company had entrusted customer data to Mailchimp drew some criticism from the crypto community.