According to the Trezor hardware wallet team, it became known about the leakage of personal data of customers that occurred on the side of the MailChimp platform. User data was used for a phishing attack.
We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. 2/
— Trezor (@Trezor) April 3, 2022
“MailChimp has confirmed that their service has been hacked by an insider targeting crypto companies. We managed to disable the phishing domain. We are trying to determine how many email addresses were affected,” the statement said.
Trezor has now halted marketing emails until the situation is “resolved.” And users are advised not to open emails supposedly sent on behalf of the company.
There is no information about the time when the data was compromised. The mailing was carried out from the trezor.us domain (the official domain is trezor.io), in which they asked users to update the application to the “latest” version.
Wow @trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) April 2, 2022
Recall that before that, the attackers published a fake Trezor application in the App Store. Then more than $1.6 million in cryptocurrencies was stolen.