CryptoWallCity vs MEXC Exchange

Trezor was hit by a phishing attack with a sophisticated email

Hardware wallet maker Trezor confirmed to users that it suffered a phishing attack on Saturday.

This happened after the bad guys, posing as the company, sent an email announcing that Trezor had encountered a security breach that exposed the data of some customers. The email then asks the user to download the latest version of Trezor Suite and change their pin.

To many users, the email looks as real as it is shared on Twitter. However, the company clarified that the email was not sent by Trezor, but from malicious actors that have nothing to do with the company.

In his tweet, Trezor said it was investigating “a potential data breach of an opt-in newsletter hosted on MailChimp.” They say they have confirmed from MailChimp that the bad guys target crypto companies and ask users to avoid opening any emails from “noreply@trezor.us”.

Given the extent of email authenticity in a phishing attack, it’s likely that some people have fallen for the trap. One of the users who received the email described it as “the most sophisticated phishing attempt” he had seen in years.

Wow, , this is the best phishing attempt I have seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11

— Tomáš Kafka (@keff85)

The phishing email provided a download link with the trezor.us domain instead of the original trezor.io. As of press time, investigations are still underway to determine the extent of the attack.

The hardware wallet also confirmed that it had taken down certain domains that attackers could exploit and said users should not open any emails from Trezor until further notice. They also require users to only use anonymous email addresses for crypto-related activities.

However, some users have criticized Trezor’s decision to use MailChimp for its email services. Some even compared it to Ledger, another hardware wallet whose data breach affected its mailing list. But there are also suggestions for safer alternatives to mailing.

Trezor is not the only crypto company to suffer a recent data breach. Earlier, BlockFi notified investors of a data breach and the possibility of phishing attacks. The breach was caused by hackers gaining access to the data of BlockFi clients through Hubspot.

The company then confirmed that personal information such as passwords, government-issued IDs, and social security numbers were not affected as they were not stored on Hubspot.

However, the prevalence of these breaches highlights the need for a stronger security framework by crypto companies and greater caution on the part of users.