Cold wallet manufacturer Trezor has confirmed to users that they were the target of a phishing attack that occurred on Saturday.
Specifically, the scammers impersonated the company, sending out an email stating that Trezor had experienced a security breach that exposed the data of several customers. The email then asked the user to download the latest version of Trezor Suite and change the wallet PIN.
According to many users, who have widely shared the phishing emails on Twitter, the emails look very much like the real thing. However, the company clarified the matter and said the email never came from Trezor, but from scammers who have no connection to the company.
In its tweet, Trezor said it was investigating "the potential data breach risk of an opt-in newsletter being hosted on MailChimp." It also confirmed that the attack targeted crypto companies and asked users to avoid opening any emails from “email@example.com”.
Given the level of authenticity of the email in the phishing attack, it's likely that some people have fallen for the trap. One of the users who received the email described it as "the most sophisticated scam" he had seen in years.
Wow, @Trez is, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) April 2, 2022
The phishing email provided a download link with the trezor.us domain instead of the official trezor.io domain. As of press time, investigations are still underway to determine the extent of the attack, but Trezor has suspended its newsletter pending further information.
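The domain swap described above (trezor.us in place of trezor.io) is something a mail filter or a cautious reader can check mechanically. The following is an added example, not code from Trezor or from the original article: it extracts the links from an HTML email body and flags hosts that carry the brand name on a non-official domain, or whose visible text shows the official domain while the target differs. The sample body, its hostnames and paths, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "trezor.io"  # official domain named in the article
BRAND = "trezor"               # brand label to look for on other domains

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify_host(host):
    """Return 'official', 'lookalike' (brand on another domain) or 'other'."""
    host = (host or "").lower().rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    return "lookalike" if BRAND in host else "other"

def suspicious_links(html_body):
    """Return (host, reason) for links that imitate the brand or mask their target."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname
        verdict = classify_host(host)
        if verdict == "lookalike":
            findings.append((host, "brand name on a non-official domain"))
        elif verdict == "other" and OFFICIAL_DOMAIN in text.lower():
            findings.append((host, "link text shows the official domain, target differs"))
    return findings

# Constructed sample body for illustration; not the real phishing email.
SAMPLE = ('<a href="https://suite.trezor.us/download">Download update</a>'
          '<a href="https://trezor.io/support">Support</a>'
          '<a href="https://downloads.example.net/suite">https://trezor.io/start</a>')
```

The suffix comparison also catches hosts that merely begin with the official name, such as a constructed `trezor.io.example.net`, because only an exact match or a true subdomain of trezor.io counts as official.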
The company also confirmed it had taken down certain domains that attackers could exploit and asked users not to open any emails from Trezor until further notice. It also requires users to use only anonymous email addresses for their crypto-related activities.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originated from firstname.lastname@example.org, it is a phishing domain.
— Trezor (@Trezor) April 3, 2022