Trezor, a cryptocurrency hardware wallet company, has initiated an investigation into a probable data breach of an ongoing email phishing campaign which has been reported by various users on Twitter.
On April 3, numerous members of the Crypto Twitter community warned about an ongoing email phishing campaign targeting Trezor users via their registered email accounts.
Several Trezor users have been approached by unauthorized actors posing as the company in the ongoing campaign, with the ultimate goal of stealing cash by deceiving naive investors.
Users were sent an email about installing an app from the ‘trezor.us’ domain, which is different from the official Trezor domain name, ‘trezor.io,’ as part of the attack.
Trezor first assumed the hacked email addresses belonged to a list of users who had opted-in for newsletters hosted by Mailchimp, an American email marketing service provider.
Trezor announced the following after additional investigation:
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.”
While Trezor conducts an official investigation to determine the total number of stolen email addresses, users should refrain from clicking on links from unauthorized sources until further notice.
BlockFi also warns about phishing attacks
BlockFi, a crypto-financial institution situated in New Jersey, proactively verified a data breach on March 19 to alert investors about the risk of phishing attempts.
Hackers acquired access to BlockFi’s client data held on Hubspot, a client relationship management platform, according to reports. BlockFi claims that:
“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”
While the specifics of the data breach have yet to be uncovered, BlockFi reassured consumers by stating that personal information such as passwords, government-issued IDs, and social security numbers “were never saved on Hubspot.”