Leading hardware crypto wallet company Trezor has revealed it was partially compromised over the weekend when some of its users were targeted in an email phishing attack.
Confirming earlier rumours, Trezor told its Twitter followers that MailChimp, which the company uses for its mailing list, had been compromised by a MailChimp insider who was targeting crypto firms. MailChimp is an email marketing service and customer mailing list management system that companies use to communicate with clients.
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor said on Sunday.
“We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”
Earlier in the weekend, some Trezor users tagged the company on Twitter to sound the alarm about the emails they were receiving. According to one user, the hackers, pretending to be Trezor, emailed users telling them that Trezor Suite had been hacked and that they should immediately download a new version.
“Hey @Trezor, I just got an email from you or someone spoofing you that Trezor Suite might be compromised due to a hack. The email contains a link to download a newer version. Is that a legit email or a phishing email? Did you guys get hacked and find out about it today?”
— Undisclosed ₿ (@BitcoinUndisc) April 3, 2022
As a precaution, Trezor announced it would be suspending its email and newsletter systems until the problem was fully resolved.
“We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”
MailChimp has not commented on the matter.
The number of hacks, scams, and heists in crypto seems to have increased of late and has attracted scrutiny from those both outside and inside the space. Just last week, in what is thought to be the biggest crypto hack in history, Axie Infinity’s Ronin Network was compromised for over $600 million. Ronin’s team members are currently working with law enforcement officials, forensic cryptographers, and their investors in an attempt to get the funds reimbursed.
Shortly before Axie’s big attack, Arthur Cheong, CEO of DeFiance Capital, lost $1.7 million worth of non-fungible tokens (NFTs) to a spear-phishing email. The attacker posed as a new project pitching to his company and hid malware in a .docx file.
Twitter users pointed out that if someone as experienced and smart as Cheong could get hacked, crypto novices may have a tough road ahead of them.