Hardware wallet maker Trezor has confirmed a data leak that exposed emails from wallet users. According to the company, a phishing attack was responsible for the information leak, which took place over the weekend.
According to Trezor, the leak did not affect user data or passwords. However, several email addresses were leaked through MailChimp, the email marketing service used by Trezor.
Hackers used the list to send fraudulent emails in an attempt to steal wallet keys. Trezor reiterates that these emails are fake and that users must not click on the links they contain.
Attack exposes user emails
The leak was initially identified by users, who shared the information on Twitter. The phishing message stated that the wallet password had been corrupted and needed to be recreated. For this, users would need to create a new password.
“We regret to report that Trezor has experienced a security incident involving data belonging to 106,856 of our customers. The wallet associated with your email address is within those affected by the breach,” the email reads.
Then the fake email asked users to download a new version of the Trezor Suite app and set up a new seed phrase in their hardware wallet. The email also contains the “Download Latest Version” button, mimicking the company’s official design.
However, upon downloading, the app directs users to a fake website controlled by the hackers. If users enter their wallet passwords there, the hackers will have access to all wallet funds.
The proof of fraud is that the fake email uses the domain “trezor.us”, whereas the official domain name of Trezor is “trezor.io”.
Reports also suggest that the fraudsters behind the attack downloaded the original source code of the Trezor Suite, which is open source. They then created a fake version of the app that is completely identical to the original. Even a warning message against fake websites and apps was reproduced in the fake version.
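The domain mismatch described above can be checked mechanically. The following is an added example, not code from Trezor or from the original article: it compares the sender domain and every link host in a message against the official domain, and the sample message, link paths and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "trezor.io"  # official domain named in the article

def is_official(host):
    """True only for the official domain itself or a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

class LinkCollector(HTMLParser):
    """Collects the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)

def suspicious_domains(raw_email):
    """Return the sorted sender/link domains that are not under the official domain."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1]
    hosts = [sender.rpartition("@")[2]]
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body in this sample
    hosts.extend(collector.hosts)
    return sorted({h.lower() for h in hosts if h and not is_official(h)})

# Constructed sample message (not the real phishing email); paths are made up.
SAMPLE = """\
From: Trezor <noreply@trezor.us>
Subject: Security incident
Content-Type: text/html

<p>The wallet associated with your email address is affected.</p>
<a href="https://trezor.us/download">Download Latest Version</a>
<a href="https://trezor.io/support">Support</a>
"""

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE))
```

A message that passes this check is not thereby genuine, since the From header can be forged; the check only flags the kind of mismatch the article describes.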
Trezor confirms leak
The phishing attack took place on Friday (1), but confirmation from Trezor came two days later. The company claimed it was an insider attack: someone inside MailChimp leaked the information to the hackers.
“MailChimp confirmed that their service was compromised by an internal leak. We managed to take down the fake domain, which is now offline. We are trying to determine how many email addresses were affected.”
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
— Trezor (@Trezor) April 3, 2022
The company also stated that it will not use email communications until the situation is resolved. Therefore, wallet users should not open any emails coming from Trezor for the time being.
Passwords were not hacked, but users should beware of attacks.
This time it was just emails, but it’s still serious, since an attacker can look for ways to compromise anyone who doesn’t use physical two-factor authentication (2FA) devices. The most important thing is to know that your cryptocurrencies are safe in your physical wallet and that people should never enter their backup words except in the wallet itself.