Trezor, the manufacturer of Trezor Hardware Wallet, has tweeted warning its customers about a recent data breach of its official newsletter that is hosted on MailChimp, and advised users not to open any emails come from “firstname.lastname@example.org”.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.— Trezor (@Trezor) April 3, 2022
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
How was Trezor Hardware Wallet’s App Hacked?
The phishing attack was telling users that there has been a fake security breach at the company and requested that all users should download a new fake updated version of the Trezor’s Suite desktop app that is infected with malicious code.
Trezor replied to users sharing this message on Twitter that “this is a phishing attempt. Please, ignore the instructions”.
Hey @Trezor, I just got an email from you or someone spoofing you that Trezor Suite might be compromised due to a hack. The email contains a link to download a newer version. Is that a legit email or a phishing email? Did you guys get hacked and find out about it today?— Undisclosed ₿ (@BitcoinUndisc) April 3, 2022
The Company announced on Twitter that it will stop communicating with users using the newsletter until the situation is resolved. Trezor warned all its users saying “Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity”.
Trezor Hardware Wallet official page on Twitter also announced that Domains trezor(.)us and suite(.)xn--trzor-o51b(.)com have been taken down; meanwhile, the official Trezor Hardware Wallet’s blog site can’t be reached right now at the press time: https://blog.trezor.io/