Cryptocurrency hardware wallet company Trezor has initiated an investigation into a data breach after many users on Twitter reported an ongoing email phishing campaign.
Recently, owners of Trezor wallets were targeted with fake data breach emails arriving at their registered email addresses. On April 3rd, users were alerted to the ongoing phishing campaign through warnings and screenshots of the phishing attempts.
Fraudsters posing as company representatives approached them in order to steal their funds by deceiving unsuspecting investors. To send the deceptive email, the attackers compromised the popular email marketing platform Mailchimp through a suspected insider.
The victims who received the email are subscribed to one of the newsletters powered by Mailchimp. The email warns that the recipient's cryptocurrency holdings could be stolen due to a massive security breach. It then directs the user to download an app from the trezor.us domain to protect them. The official domain name of the company is trezor.io.
The fake domain hosts an app that is a fake version of the Trezor Suite software. The designers made the website look authentic by using Punycode characters. To add legitimacy to the fake app and domain, they built them to be indistinguishable from the original app.
They included a legitimate-looking warning that advises users not to enter their recovery seed unless the physical device instructs them to do so in the wake of the recent phishing attacks.
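A defender-side check for the lookalike-domain trick described above, as an added example that is not part of the original article: it classifies links found in an email against the official domain trezor.io. The function names and the IDN sample host are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL = "trezor.io"  # official domain as stated in the article


def fold(label):
    """Decode a punycode label and strip diacritics (catches accent-style
    lookalikes only, not cross-script homoglyphs such as Cyrillic)."""
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # undecodable punycode: compare the raw label
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def classify_link(url, official=OFFICIAL):
    """Return (verdict, reasons); verdict is official, lookalike or unrelated."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host == official or host.endswith("." + official):
        return "official", []
    brand = official.split(".")[0]
    reasons = []
    for label in host.split("."):
        if brand in fold(label):
            idn = label.startswith("xn--") or not label.isascii()
            reasons.append(("IDN lookalike label: " if idn
                            else "brand name on non-official domain: ") + label)
    return ("lookalike" if reasons else "unrelated"), reasons


def sample_links():
    """Constructed sample links; the IDN host is made up for illustration."""
    idn = "xn--" + "tr\u1eb9zor".encode("punycode").decode("ascii") + ".example"
    return ["https://suite.trezor.io/web", "https://trezor.us/download",
            "https://" + idn + "/", "https://example.org/newsletter"]


if __name__ == "__main__":
    for link in sample_links():
        print(link, *classify_link(link))
```

The official-domain test compares whole labels, so a host such as `trezor.io.example.org` is reported as a lookalike rather than as official.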
The aim of the attackers is the seed phrase. It is a series of words generated by the cryptocurrency wallet that provides access to the crypto associated with that wallet. It is a kind of password that crypto users need to access their assets. It is designed to protect the fundamental idea behind cryptocurrency: self-sovereignty.
With the seed phrase, one can access their crypto holdings without revealing their identity and without relying on other institutions for safe storage. These phrases are algorithmically generated, password-like codes that only the holder has access to. They use a series of 12 to 24 simple words because words are easier for humans to store and remember than numbers.
Without the seed phrase, a crypto asset cannot be accessed. The seed phrase also unlocks the private keys of the asset, which are used to send the cryptocurrencies.
Since the victims are all subscribers of Mailchimp, the company advised its customers not to click on links arriving by email from unofficial sources or from Trezor until further notice. The warning was given in its Twitter post, which said it wouldn’t be communicating through the newsletter until the matter was resolved. The company also advised users to use anonymous email addresses for bitcoin-related activity.
With this, Trezor and Mailchimp join the list of recent crypto-related attacks. In March, Circle, BlockFi, Pantera Capital, NYDIG, and other crypto-related companies reported a data breach through HubSpot, a vendor that stores users’ sensitive information for marketing purposes.
According to the investigation, the leak targeted HubSpot customers in the cryptocurrency industry. The attacker hacked into a HubSpot employee account that had access to customer accounts. Up to 30 clients were affected by the attack, and they notified their customers by email.
According to the company, other personal data such as Social Security numbers was not affected. They fear that the leaked information could be used for phishing campaigns like the one Trezor customers faced.