Hackers targeted Trezor, a cryptocurrency hardware wallet. They used the company’s mailing list to send out fake data breach notifications to users.
Mailchimp, a well-known email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its customers, with the information being used to launch phishing attacks against cryptocurrency users.
What They Are Saying About The Attack
Mailchimp confirmed the breach to the press on Monday, but users of the Trezor hardware cryptocurrency wallet had reported being targeted by sophisticated phishing emails over the weekend. A false email was sent out to users, requesting that they install an impersonated Trezor Suite software, which would allow them to steal their password (recovery seed).
Techviral reported that the fake Trezor data breach email contains the following text: “We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your e-mail address [email here] is within those affected by the breach.”
Read Also : Lapsus Group Attacks Microsoft and Okta in Cyber Hack
When a user clicks on the download button, a fake software application known as suite.trezor.com is installed in the user’s browser. Punycode characters are used by the website, which allows attackers to impersonate the trezor.com domain by using accented or Cyrillic characters in their message to the user. The official Trezor website is trezor.io, and the user should be aware of this.
Read Also : Hacking group Anonymous Releases 28GB of data stolen from the Russian Central Bank
In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said “We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”
What is Trezor?
The Trezor is a cryptocurrency hardware wallet. It’s a device for securely holding cryptocurrency private keys offline in ‘cold’ storage. When you want to make a transaction you can plug in your Trezor and it will provide the keys to sign off on a transaction, which is done by physically pushing buttons on the device.
Its design protects cryptocurrency by ensuring keys are always offline and by requiring physical interaction to co