A new campaign targeting Trezor hardware wallet users is in the wild, where hackers are mailing them with fake breach notifications and asking them to download a fake Trezor app.
The motive of this campaign is to steal the Trezor wallet recovery phrase of the users and eventually steal their cryptocurrency balances . Trezor later confirmed that their mailing list was hacked at the end of MailChimp, their mailbox partner. Thus, users are advised to be vigilant about this campaign.
Phishing Campaign Targeting Trezor Users
Trezor is one of the best and most reliable hardware wallets. It lets you store your cryptocurrency in an offline mode, rather than on your internet-connected PC or in some cloud platform. Since it’s safer, people may feel relaxed having their stuff stored in it.
But there’s a campaign targeting them too, with a fake data breach notification spread through a stolen mailing list from MailChimp, Trezor’s emailing partner. Trezor today confirmed that their users’ mailing list was compromised by MailChimp “insider” targeting cryptocurrency companies.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp. A scam email warning of a data breach is circulating. Do not open any email originating from [email protected] , it is a phishing domain. — Trezor (@Trezor) April 3, 2022
