Crypto hardware wallet provider Trezor has launched an investigation into a possible data breach that may have compromised users’ email addresses and other personal information.
Earlier today, April 3, several users of the Crypto Twitter community warned of an ongoing email phishing campaign specifically targeting Trezor users through their registered email addresses.
In the ongoing attack, several Trezor users have been contacted by unauthorized persons claiming to be the company with the ultimate goal of stealing funds by misleading negligent investors. As part of the attack, users received an email to download an app from the “trezor.us” domain, which is different from Trezor’s official domain name, “trezor.io”.
Trezor initially suspected that the hacked email addresses belonged to a list of users who had signed up for newsletters hosted by US email marketing service provider Mailchimp.
During a further investigation, Tresor declared:
“MailChimp has confirmed that their service has been hacked by an insider targeting crypto companies.”
While Trezor is conducting an official investigation to determine the total number of stolen email addresses, users are advised not to click on links from unofficial sources until further notice.
RELATED: BlockFi Confirms Unauthorized Access to Customer Data Hosted on Hubspot
On March 19, New Jersey-based crypto financial regulator BlockFi proactively confirmed the data breach to warn investors of the potential for phishing attacks.
As Cointelegraph reported, hackers gained access to BlockFi customer data hosted on Hubspot, a customer relationship management platform. According to BlockFi:
Hubspot has confirmed that an unauthorized third party has gained access to some of the BlockFi customer data on their platform.