Trezor Data Breach Phishing: Difference between revisions
(Another 30 minutes complete. All open tabs integrated into the case. Prevention fully up to date.) |
(Another 30 minutes complete. Integrated information about MrChaBuDuo.) |
||
| Line 104: | Line 104: | ||
|FXEmpire Article | |FXEmpire Article | ||
|FXEmpire reports that Trezor has issued a warning about a phishing attack that targeted some of its users<ref name=":8">[https://www.fxempire.com/news/article/trezor-issues-data-breach-warning-as-users-cite-phishing-attacks-957001 Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - FXEmpire] (Jul 5, 2023)</ref>. Users received an email posing as Trezor, asking them to download an app from a fraudulent domain called 'trezor.us' instead of the official Trezor domain, 'trezor.io'. Trezor suspects that the compromised email addresses may belong to users who opted in for newsletters hosted on email marketing service provider Mailchimp. The company is investigating the data breach and has advised users not to click on links from unofficial sources<ref name=":8">[https://www.fxempire.com/news/article/trezor-issues-data-breach-warning-as-users-cite-phishing-attacks-957001 Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - FXEmpire] (Jul 5, 2023)</ref>. The article is later reposted to Yahoo Finance<ref name="yahoofinance-7725" /> within several hours<ref>[https://web.archive.org/web/20220403230626/https://finance.yahoo.com/news/trezor-issues-data-breach-warning-160241180.html Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - Yahoo Finance Archive April 3rd, 2022 5:06:26 PM MDT] (Apr 18, 2023)</ref>. | |FXEmpire reports that Trezor has issued a warning about a phishing attack that targeted some of its users<ref name=":8">[https://www.fxempire.com/news/article/trezor-issues-data-breach-warning-as-users-cite-phishing-attacks-957001 Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - FXEmpire] (Jul 5, 2023)</ref>. Users received an email posing as Trezor, asking them to download an app from a fraudulent domain called 'trezor.us' instead of the official Trezor domain, 'trezor.io'. Trezor suspects that the compromised email addresses may belong to users who opted in for newsletters hosted on email marketing service provider Mailchimp. The company is investigating the data breach and has advised users not to click on links from unofficial sources<ref name=":8">[https://www.fxempire.com/news/article/trezor-issues-data-breach-warning-as-users-cite-phishing-attacks-957001 Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - FXEmpire] (Jul 5, 2023)</ref>. The article is later reposted to Yahoo Finance<ref name="yahoofinance-7725" /> within several hours<ref>[https://web.archive.org/web/20220403230626/https://finance.yahoo.com/news/trezor-issues-data-breach-warning-160241180.html Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - Yahoo Finance Archive April 3rd, 2022 5:06:26 PM MDT] (Apr 18, 2023)</ref>. | ||
|- | |||
|April 3rd, 2022 1:40:28 PM MDT | |||
|MrChaBuDuo Reports Losses | |||
|MrChaBuDuo reports falling for the phishing attack and losing £55,000 on Reddit<ref name=":9">[https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/ MrChaBuDuo - I fell victim to the Trezor phishing scam - Reddit] (Jul 19, 2023)</ref>. He was reportedly lacking sleep, hung over, and distracted with an argument with his girlfriend at the time. He ended up installing the malware and entering his seed phrase in the wallet setup process. | |||
|- | |||
|April 3rd, 2022 4:17:37 PM MDT | |||
|Report By DrRobertBottle | |||
|Reddit user DrRobertBottle reports he got the phishing email and it "was crafted very well". He didn't fall for it because it was in his spam folder<ref name=":10">[https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/i3a0qjw/ DrRobertBottle - "I got that phishing email too. It was crafted very well. It was also sent to an email address that is only associated with Trezor." - Reddit] (Jul 19, 2023)</ref>. | |||
|- | |- | ||
|April 4th, 2022 10:34:10 AM MDT | |April 4th, 2022 10:34:10 AM MDT | ||
| Line 177: | Line 185: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost is unknown. It is not likely to be possible to determine the exact amount lost accurately. TBD - any information on what's been reported? | The total amount lost is unknown. It is not likely to be possible to determine the exact amount lost accurately. TBD - any information on what's been reported? | ||
Coins reportedly went to bitcoin address bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca<ref name=":11">[https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/i3a9r89/ MrChaBuDuo - "bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca" - Reddit] (Jul 19, 2023)</ref>. TBD - Controversy in the thread about this address. | |||
=== Losses Reported By MrChaBuDuo === | |||
MrChaBuDuo was a Trezor user from the UK who fell victim to the scam and reportedly lost £55,000<ref name=":9" />. Coins reportedly went to bitcoin address bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca<ref name=":11" />. | |||
== Immediate Reactions == | == Immediate Reactions == | ||
| Line 205: | Line 218: | ||
=== Users Report Phishing on Twitter === | === Users Report Phishing on Twitter === | ||
<ref name="josearkanostwitter-7727" /><blockquote>"Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update."</blockquote> | <ref name="josearkanostwitter-7727" /><ref name=":10" /><ref>[https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/i3blv7d/ GnarWhale99 - "Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter" - Reddit] (Jul 19, 2023)</ref><ref>[https://web.archive.org/web/20220404062812/https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/i3blv7d/ GnarWhale99 - "Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter" - Reddit Archive April 4th, 2022 12:28:12 AM MDT] (Jul 19, 2023)</ref><ref>[https://old.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/i3cw239/ <nowiki>gigahydra - "and then those [scammers] will start using browser-in-browser attacks or other techniques that are harder to detect. The fact that there are enough people who fall for low-budget phish bait actually serves to make the rest of us safer, as it makes it uneconomical to spend the time building more sophisticated lures." - Reddit</nowiki>] (Jul 19, 2023)</ref><blockquote>"Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update."</blockquote><blockquote>I got that phishing email too. It was crafted very well. It was also sent to an email address that is only associated with Trezor.</blockquote><blockquote>Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter</blockquote><blockquote>and then those [scammers] will start using browser-in-browser attacks or other techniques that are harder to detect. The fact that there are enough people who fall for low-budget phish bait actually serves to make the rest of us safer, as it makes it uneconomical to spend the time building more sophisticated lures.</blockquote> | ||
=== Users Confirming Phishing on Reddit === | === Users Confirming Phishing on Reddit === | ||
Several other users also confirmed that they were contacted by the same phishing attempt, many on email addresses which were unique and only used for Trezor.<ref name="reddit-7721" /> TBD expand. | Several other users also confirmed that they were contacted by the same phishing attempt, many on email addresses which were unique and only used for Trezor.<ref name="reddit-7721" /> TBD expand. | ||
=== Losses Reported By MrChaBuDuo === | |||
MrChaBuDuo reported that he had fallen for the phishing attack<ref name=":9" />.<blockquote>Lost £55,000. | |||
Was not paying attention and was on autopilot, just doing what it said. Was arguing with my gf via Telegram at the time. Bloody hell. | |||
Convincing email, convincing site. Fake programme I downloaded was identical to the real thing. | |||
Hook line and fucking sinker. | |||
What a mug I am. Had been building up my BTC for seven years and lost it in a few minutes' utter stupidity. | |||
Amazing to hear Trezor was using MailChimp. | |||
More amazed that I fell for it: I thought I was savvy. Clearly not. | |||
Sad times, frens. I have become a Normie McNocoiner. | |||
:-( | |||
Edit: yes I entered my keys, because I'm a twat | |||
Edit 2: a lot of people saying they'd never fall for it. I hope they're right. At the time I had not slept enough, was a bit hungover and was distracted. These are the times when you're vulnerable to doing stupid shit. Clearly I am the mong, but never rest on your laurels.</blockquote> | |||
=== Trezor Acknowledges The Breach === | === Trezor Acknowledges The Breach === | ||
Revision as of 15:00, 19 July 2023
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Multiple users of the Trezor hardware wallet had their email addresses compromised, and the phishing attacker sent out a realistic, typo-free, and well planned attack complete with an altered version of the Trezor Suite application which requested their seed phrase. While the total value of the loss hasn't been publicized, at least one user was found who was reported to have entered the seed phrase and lost significant funds. There is no evidence that any funds have been recovered.
About Trezor
Marek, the founder of Slush Pool, the first mining pool for bitcoin, realized the need for enhanced security when his Slush Fund mining pool was hacked[1]. In 2011, he met Pavol and Alena at a hackerspace in Prague, and together they laid the foundation for SatoshiLabs[1]. They create prototypes of a secure and intuitive cryptocurrency storage solution, leading to the development of the Trezor Model One[1], which was released in 2014[2].
Storing cryptocurrency data online is considered risky due to the potential for hacking and data breaches, but Trezor hardware wallets offer offline storage, ensuring the safety of coins and reducing the risk of theft[3][4]. The Trezor wallet gained popularity and the team expands, shipping the first batch of devices and launching an official Trezor Shop[1]. In 2018, they release the Trezor Model T with advanced features[1][2]. They also establish Invity, a service supporting bitcoin adoption, and collaborate with Tropic Square to ensure secure chip design[1]. Recently, they introduce Vexl, a peer-to-peer crypto trading app, aiming to make bitcoin more accessible[1]. Trezor hardware wallets are used mainly for securely storing Bitcoin and other cryptocurrencies[3][5], though it also offers additional security features like password management and two-factor authentication[2].
Trezor emphasizes the security and privacy benefits of their hardware wallets[4]. Trezor has gained trust and recognition through independent security audits, its open-source nature, and its user-friendly interface called Trezor Wallet[2]. It supports over 1,000 coins and tokens and is compatible with various third-party wallets and services[2]. Trezor can be purchased from their official online store or authorized resellers, and they have partnerships and developer resources available[2].
Trezor wallets securely generate and store seed phrases offline, reducing the risk of insecure generation or online storage[4]. They also emphasize hands-on confirmation through features like PIN and passphrase protection, adding an extra layer of security. Trezor's open-source design promotes trust and transparency, allowing users to verify and contribute to the code[4]. They offer a range of security features within their Trezor Suite app, such as address signing, transaction anonymization, and support for the Tor network for anonymous communication[4]. Trezor values customer feedback and encourages bug reporting to ensure continuous improvement of their security products[4].
The Trezor Suite app allows users to connect their wallet and manage their assets conveniently, with features such as secure trading, portfolio tracking, and easy wallet recovery[3]. Trezor emphasizes trust, transparency, and independence, with an open-source design and a strong foundation in privacy and security[3]. With over 10 years in the crypto industry, Trezor has gained the trust of over 1 million customers and is recognized as an industry innovator in hardware wallets[3].
Trezor typically comes with a hardware wallet device, a connector wire, and recovery seed booklets[5]. The recovery seed is crucial for accessing funds in case the device is lost[5]. The user would typically visit the Trezor website for the setup process, which starts with updating the firmware and confirming the device's identification number[5]. The user then sets up a PIN for accessing the wallet[5]. The PIN is entered using a number matrix displayed on the computer screen[5].
The recovery seed consists of 24 words that need to be written down and stored in two separate secure locations[5]. User are typically strongly advised against creating digital copies to prevent the risk of theft or loss due to hacking or accidents[5]. It is also suggested to test the wallet with a small amount of money before transferring larger amounts[5]. Even if the device is lost, the funds can be recovered using the recovery seed[5].
Notice Of Breach Received
Trezor users received an email informing them that their personal information had been compromised and of the potential that their assets might be at risk. The email instructed them to download the latest version of Trezor Suite and set up a new PIN for their wallet.
"We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your email address is within those affected by the breach."
"Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor." "At the moment, it's technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you've recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen."
"In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation."
"If you're receiving this e-mail, it's because you've been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet."
About MailChimp
MailChimp is a leading marketing automation and email marketing platform[6] that helps businesses increase revenue through effective email campaigns[7]. MailChimp was founded in 2001 by Ben Chestnut, Mark Armstrong, and Dan Kurzius[6]. The platform has evolved from an email marketing tool to a comprehensive marketing platform and has made a significant impact in the industry[6]. It started as a paid service and later introduced a freemium option, experiencing significant growth in its user base[6]. By June 2014, Mailchimp was sending over 10 billion emails per month. It has become a popular platform, with more than 600 million emails sent through it every two days[6].
The MailChimp platform offers a range of features designed to improve open rates, click-through rates, and overall sales[7]. By signing up for Mailchimp, businesses can leverage automated workflows, such as discount and reminder emails, to convert more customers at the right time[7]. The platform also provides over 20 AI and data tools for content creation, design customization, and performance analysis[7].
Segmentation is another key aspect of Mailchimp's offering, allowing businesses to target specific customer groups and enhance customer loyalty[7]. By predicting the right customers to target, businesses can optimize their marketing efforts[7]. Mailchimp also integrates with various tools, enabling data syncing, time-saving, and better decision-making[7]. Mailchimp's Customer Journey Builder automations can generate up to 4x more orders by triggering emails based on customer behavior[7]. Pre-built journeys assist businesses in cross-selling, recovering abandoned carts, re-engaging existing customers, and acquiring new ones[7]. Personalized emails based on buying behavior, survey responses, chat interactions, and support tickets help promote customer loyalty and growth[7].
MailChimp's AI-powered tools, such as the Content Optimizer and Creative Assistant, provide data-driven suggestions for improving email copy, imagery, and layout. Additionally, their segmentation capabilities help identify the most valuable customers based on lifetime value and likelihood to purchase[7]. The platform also offers integrations with popular tools like Canva, Salesforce, Instagram, Shopify, Google Analytics, WooCommerce, QuickBooks Online, Squarespace Commerce, and Zapier, allowing businesses to bring in more data and drive growth[7].
Over the years, MailChimp has received recognition for its innovation and was ranked No. 7 on the Forbes Cloud 100 list in 2016. In 2017, it was named one of Fast Company's Most Innovative Companies[6]. The company has expanded its operations, opening offices in Brooklyn and Oakland, California[6].
In 2019, MailChimp acquired LemonStand, a competitor, and announced plans to shift from mail distribution to providing a full marketing platform for smaller organizations[6]. This included features such as customer lead tracking, landing page and website building, and ad retargeting on platforms like Facebook and Instagram[6]. Mailchimp further expanded its reach by acquiring Courier Media, a London-based media and magazine company, in March 2020[6].
Despite receiving acquisition offers, MailChimp remained independent for 20 years[6]. However, in September 2021, it was confirmed that Intuit would acquire Mailchimp for approximately $12 billion in cash and stock[6]. Following the acquisition, the platform was renamed Intuit MailChimp[6].
MailChimp gained visibility through its podcast advertising, particularly sponsoring the launch of the podcast Serial[6]. An advertisement featuring a mispronunciation of the company's name by a young girl from Norway became a meme, prompting MailChimp to buy the domain mailkimp.com and redirect traffic to its main website[6].
In terms of services, Mailchimp integrated its transactional email service, Mandrill, into its platform in 2016[6]. This change required customers to be on a paid MailChimp plan to access Mandrill, resulting in some criticism[6].
The Reality
Phishing is an online scam where criminals impersonate legitimate organizations to steal sensitive information. Phishing attacks are on the rise globally, with a significant increase during the COVID-19 pandemic, and they account for a large portion of data breaches[8].
MailChimp has faced data breaches in 2022 and 2023, with unauthorized access to customer data through social engineering incidents[6].
"The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration. The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees."
"Unauthorized actors have attempted to contact Trezor users posing as the firm to scam unaware users out of their investments. Users received an email about downloading an app from a similar domain called ‘trezor.us’ instead of the official Trezor domain name, ‘trezor.io.’"
What Happened
Users who followed the instructions in the email (from trezor.us instead of trezor.io) downloaded malware to their computer which mimicked the functionality of the Trezor Suite. This malware requested them to enter their seed phrase as part of the setup process. Once the seed phrase had been entered, it was transmitted to the attackers, and the attackers were able to sweep all funds from their wallet.
| Date | Event | Description |
|---|---|---|
| March 26th, 2022 | MailChimp Breach Discovered | The MailChimp breach was reportedly discovered[9]. “When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access,” Smyth told TechCrunch. “We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.” |
| April 2nd, 2022 5:32:42 PM MDT | Phishing Posted on Reddit | The Trezor phishing attacks are posted about on Reddit[10][11] along with a screenshot[12]. A convincing Trezor phishing scam has been reported, with emails sent from trezor.us. It is suspected that the scammers obtained leaked email addresses from the HubSpot breach or other crypto-related lists. The phishing email asks recipients to download the latest Trezor software suite to address a supposed security issue. Several users in the Reddit thread confirmed receiving the scam email, including those who used unique email addresses solely for their Trezor accounts. Some users suspect that Trezor might have experienced a data breach, while others are taking precautionary measures by changing their email addresses. One user mentioned that the email contained an embedded image tracker to capture recipients' IP addresses. It is recommended to report such phishing attempts to the appropriate authorities and to Trezor directly. Users who may have downloaded and installed the malicious software are advised to scan their systems for malware and consider taking further security measures[11]. |
| April 2nd, 2022 5:36:00 PM MDT | Tomáš Kafka Tweets Screenshot | Twitter user Tomáš Kafka shared a screenshot of the phishing attempt he received and said he was "really lucky" he didn't have a Trezor, because if he did, he "would probably actually download that update"[13]. |
| April 2nd, 2022 7:21:00 PM MDT | Jose Arkos Tweets Screenshot | A screenshot of the phishing email is shared by Twitter user josearkos[14]. |
| April 2nd, 2022 8:45:37 PM MDT | Crosspost to Bitcoin Subreddit | The phishing attack is crossposted to the Bitcoin subreddit[15]. The Reddit community quickly identifies the email as a scam. They point out that the email came from a domain trezor.us, while the legitimate website is trezor.io. Users warn against falling for such scams and advise to ignore any emails claiming that funds are at risk. They emphasize that a reputable wallet company should never have access to users' private keys, which are stored securely on the device. The discussion also includes some unrelated and humorous comments[15]. |
| April 3rd, 2022 2:22:00 AM MDT | Graham Cluley Article | Graham Cluley publishes an article about the phishing attempt[16]. Owners of Trezor hardware cryptocurrency wallets have been targeted by a phishing email attempting to trick them into downloading malicious software. The email falsely claims that Trezor experienced a security incident and that the data of 106,856 customers has been breached. However, the email is not from Trezor but is a phishing attempt. If recipients click on the link in the email, they are directed to a fake website that closely resembles Trezor's legitimate site. The fake website uses a unicode domain phishing attack, with a subtle alteration in the URL. Trezor has confirmed that it is investigating a possible breach of its MailChimp opt-in mailing list, which could explain how customers were targeted[16]. |
| April 3rd, 2022 3:23:00 AM MDT | Trezor Announces Investigation | Trezor announces on Twitter that they are in the process of "investigating a potential data breach of an opt-in newsletter hosted on MailChimp". "A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain."[17] |
| April 3rd, 2022 4:04:00 AM MDT | Trezor Confirms MailChimp Breach | Trezor confirms the breach in a tweet. They state that it's been confirmed by MailChimp. They state it appears to be an insider targeting crypto companies, they've managed to take the domains down, and not to open any emails from them until further notice[18]. |
| April 3rd, 2022 4:29:00 AM MDT | CoinTelegraph Article | CoinTelegraph posts an article covering the situation[19]. "While Trezor attempts to identify the root cause of the situation with an official investigation, users are advised not to click on links coming from unofficial sources until further notice." [20] TBD article was updated. |
| April 3rd, 2022 5:12:00 AM MDT | Watcher.Guru Article | Watcher.Guru announces the situation and publishes an article[21][22]. Trezor, a cryptocurrency hardware wallet provider, is investigating a potential data breach that has affected its users and may have exposed their personal information. The issue was brought to light when Twitter users reported receiving phishing emails targeting Trezor users. The fraudulent emails claim that Trezor experienced a security incident and urge users to download an app from an unofficial domain. Trezor suspects that the compromised email addresses were part of a newsletter list hosted by email marketing service provider Mailchimp, which confirmed that their service was breached by an insider targeting crypto companies. Trezor advises users to avoid clicking on links from unofficial sources and to update their firmware or software only through the official Trezor website. |
| April 3rd, 2022 10:04:00 AM MDT | FXEmpire Article | FXEmpire reports that Trezor has issued a warning about a phishing attack that targeted some of its users[23]. Users received an email posing as Trezor, asking them to download an app from a fraudulent domain called 'trezor.us' instead of the official Trezor domain, 'trezor.io'. Trezor suspects that the compromised email addresses may belong to users who opted in for newsletters hosted on email marketing service provider Mailchimp. The company is investigating the data breach and has advised users not to click on links from unofficial sources[23]. The article is later reposted to Yahoo Finance[24] within several hours[25]. |
| April 3rd, 2022 1:40:28 PM MDT | MrChaBuDuo Reports Losses | MrChaBuDuo reports falling for the phishing attack and losing £55,000 on Reddit[26]. He was reportedly lacking sleep, hung over, and distracted with an argument with his girlfriend at the time. He ended up installing the malware and entering his seed phrase in the wallet setup process. |
| April 3rd, 2022 4:17:37 PM MDT | Report By DrRobertBottle | Reddit user DrRobertBottle reports he got the phishing email and it "was crafted very well". He didn't fall for it because it was in his spam folder[27]. |
| April 4th, 2022 10:34:10 AM MDT | TechCrunch Article | TechCrunch reports that email marketing company MailChimp has experienced a data breach after hackers compromised an internal tool, according to the company's CISO, Siobhan Smyth. The breach was discovered on March 26 and involved a successful social engineering attack that allowed the hackers to access customer accounts. Approximately 300 MailChimp accounts were viewed, and data was exported from 102 of those accounts. The targeted customers were mainly in the cryptocurrency and finance sectors. The hackers also gained access to API keys, potentially enabling them to send spoofed emails, but MailChimp has disabled the keys. Some users reported receiving phishing emails as a result of the breach. MailChimp recommends two-factor authentication and other security measures to its users and has taken steps to prevent further unauthorized access. The company did not disclose the additional security measures it is implementing to prevent future attacks. The breach came to light after cryptocurrency wallet maker Trezor confirmed that its users had received phishing emails as a result of the MailChimp breach[9]. |
| April 5th, 2022 1:33:19 PM MDT | Migliaccio & Rathod LLP Investigation | Law firm Migliaccio & Rathod LLP are reportedly investigating a potential class action against Trezor "for failing to adequately safeguard consumer information, resulting in a data breach"[28]. The breach, initially reported in March 2022, exposed the email addresses of users who had subscribed to Trezor's newsletter through MailChimp. The leaked email addresses have led to phishing scams targeting hardware wallet owners, aiming to obtain their 12-word recovery seeds and steal cryptocurrency assets. In addition to email addresses, the breach may have exposed users' phone numbers, addresses, and account passwords, which can be exploited in sophisticated attacks on recovery seeds. Users can anticipate an increase in both the number and complexity of phishing attempts, with some potentially experiencing multiple scareware attacks. If affected by the breach, Trezor users are encouraged to contact Migliaccio & Rathod LLP for assistance. |
| April 7th, 2022 10:50:27 AM MDT | Robinson + Cole Article | Robinson+Cole reports that email and social media marketing company MailChimp has experienced a data breach, with 319 MailChimp accounts being compromised. Out of those accounts, audience data from 102 of them was accessed. The breach was the result of a social engineering attack targeting MailChimp employees. The attack specifically targeted users in the cryptocurrency and finance industries. The hackers have been using the information obtained from the breached accounts to send phishing emails. This incident highlights the importance of regular employee training to educate users about avoiding suspicious links in emails, as well as the need for individuals to implement multi-factor authentication for critical financial accounts[29]. |
| January 11th, 2023 | Another MailChimp Security Incident | MailChimp experienced a separate security incident where an unauthorized actor gained access to select MailChimp accounts. The incident was the result of a social engineering attack on MailChimp employees and contractors, with the unauthorized actor using compromised employee credentials. The incident affected 133 MailChimp accounts, and there is no evidence to suggest that Intuit systems or customer data beyond these accounts were compromised. As a response, MailChimp temporarily suspended account access for accounts with suspicious activity and promptly notified the affected account owners. They provided instructions for users to reinstate access to their accounts safely and have been offering direct support to impacted users. MailChimp is conducting an ongoing investigation and is committed to providing timely and accurate information to those affected[30]. |
| January 19th, 2023 2:15:00 AM MST | ComputerWeekly Cites Further Breaches | ComputerWeekly reports that email marketing specialist MailChimp has experienced its third data breach in a year due to a social engineering attack. "The attack saw an unauthorised party access customer support and admin tools by phishing its employees and stealing their credentials, before accessing data on 133 customers." MailChimp promptly suspended account access for affected accounts, notified the primary contacts within 24 hours, and has been assisting in the safe reinstatement of access for affected users. The company stated that there is no evidence to suggest that the compromise impacted Intuit systems or customer data beyond the MailChimp accounts. While MailChimp has been praised for its swift response, this incident follows a pattern of internal compromises within the organization. The breach has raised concerns about prevalence and sophistication of social engineering attacks targeting third-party tools and highlights the need for robust customer data security measures[31]. |
Technical Details
The MailChimp service suffered a phishing attack through social engineering. This resulted in a breach of customer contact information of Trezor hardware wallet users. The breached information was used to send Trezor customers a convincing phishing email warning them that their assets may be at risk. Users were instructed to download an updated hardware wallet to secure their funds.
Breach of MailChimp Servers
MailChimp is a widely used marketing tool. The MailChimp servers were breached by a social engineering attack. The exact details of the attack have not been disclosed.
Mailchimp faced data breaches in 2022 and 2023, with unauthorized access to customer data through social engineering incidents[6].
Trezor has confirmed that it is investigating a possible breach of its MailChimp opt-in mailing list, which could explain how customers were targeted[16].
Phishing Email To Trezor Users
A highly sophisticated phishing attack was performed against Trezor users. It leveraged recent privacy breaches which Trezor users would already be aware of, suggesting that another attack had occurred, and this time, there was some uncertainty as to whether wallet funds were safe or not. Users were instructed to download an update to their Trezor wallet software and change their PIN.
The email claims that Trezor experienced a security incident and that the data of 106,856 customers has been breached[16]. While the breach of contact information may be real, no funds are at risk and the email is not from Trezor but is a phishing attempt[16]. If recipients click on the "DOWNLOAD LATEST VERSION" link in the email, they are directed to a fake website that closely resembles Trezor's legitimate site[16]. Some variant of the fake website use a unicode domain phishing attack, with a subtle alteration in the URL[16].
Dear [user],
We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address [email] is within those affected by the breach.
Namely, on Saturday, April 2nd, 2022, our security team discovered that one of the Trezor Suite administrative servers had been accessed by an unauthorized malicious actor.
At this moment, it's technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you've recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.
In the spirit of transparency, we wanted to make our customers aware of this incident before malicious actors could utilize this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.
If you're receiving this e-mail, it's because you've been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.
Sincerely, Trezor
DOWNLOAD LATEST VERSION
Copyright © 2022 Trezor / SatoshiLabs s.ro., All rights reserved.
Our mailing address is: Trezor / SatoshiLabs s.r.o. Kundratka 2359/17A Prague 8 18000 Czech Republic
Some phishing emails came from the trezor.us domain, which seems like a reasonable domain name that Trezor might use for US customers. The link provided in the email took users to a download page mimicking the official Trezor download page.
"Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update."
Malware Requests Seed Phrase
Once the user was to download the fake Trezor application, they would be prompted to enter their seed phrase in the application. While most users would understand this defeats the purpose of a hardware wallet, many users are unaware or may not be thinking at that time. Entering the seed phrase is a step you would perform if using a software-based wallet, for example.
The Trezor application was designed to mimic the appearance of the legitimate Trezor application. Users who entered their seed phrase into the malicious fake Trezor wallet malware gave the hackers all of the necessary information in order to transfer their funds.
"When you click on the link in the phishing email you are directed to download a Trezor Suite lookalike app, that will ask you to connect your wallet and enter your seed. The seed is compromised once you enter it into the app, and your funds will then be immediately transferred to the attackers wallet."
"This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app."
"For this attack to be successful, users had to install the malicious software on their devices, at which point their operating system should identify that the software comes from an unknown source. This warning should not be ignored, all official software is digitally signed by SatoshiLabs."
Total Amount Lost
The total amount lost is unknown. It is not likely to be possible to determine the exact amount lost accurately. TBD - any information on what's been reported?
Coins reportedly went to bitcoin address bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca[32]. TBD - Controversy in the thread about this address.
Losses Reported By MrChaBuDuo
MrChaBuDuo was a Trezor user from the UK who fell victim to the scam and reportedly lost £55,000[26]. Coins reportedly went to bitcoin address bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca[32].
Immediate Reactions
Initial discussions largely took place on Reddit before the incident was reported by multiple news outlets.
A convincing Trezor phishing scam has been reported, with emails sent from trezor.us. It is suspected that the scammers obtained leaked email addresses from the HubSpot breach or other crypto-related lists. The phishing email asks recipients to download the latest Trezor software suite to address a supposed security issue. Several users in the Reddit thread confirmed receiving the scam email, including those who used unique email addresses solely for their Trezor accounts. Some users suspect that Trezor might have experienced a data breach, while others are taking precautionary measures by changing their email addresses. One user mentioned that the email contained an embedded image tracker to capture recipients' IP addresses. It is recommended to report such phishing attempts to the appropriate authorities and to Trezor directly. Users who may have downloaded and installed the malicious software are advised to scan their systems for malware and consider taking further security measures[11].
"Trezor wallet owners did not have a good Sunday morning after the hardware wallet provider revealed that some of its users were the target of a phishing attack over the weekend. On April 3, Crypto Twitter was filled with community warnings about an ongoing email phishing campaign targeting Trezor users via their registered email addresses."
"Very convincing Trezor phishing scam being sent from trezor.us. Most likely leaked emails from HubSpot breach or other crypto-adjacent lists."
"Asks you to download latest Trezor software suite to address the security condition."
"I happen to have clicked on the update and upon checking my wallet balance afterward, I realized both my bitcoin and Ethereum in the account were sent to unknown addresses in a space of 4 minutes interval."
"Can someone please advise me on what best to do now and if I can ever be able to recover my coins? All suggestions will be appreciated as it is a substantial amount."
“We immediately took steps to disable phishing sites and are taking further steps to stop the continuation of this phishing attack.” — Tomáš Sušánka, CTO of Trezor.
"Cryptocurrency hardware wallet provider Trezor has begun formally investigating a possible data breach that has affected numerous users and may have compromised their personal information." "Trezor initially suspected that the compromised email addresses belonged to a list of users who opted-in for newsletters hosted on an American email marketing service provider Mailchimp."
"The firm has begun investigating the data breach and has confirmed that its service has been compromised by ‘an insider targeting crypto companies.’ As the firm officially investigates the total number of stolen email addresses, they have advised users not to click on links coming from unofficial sources until further notice."
"With this recent leak of personal information, Trezor users can expect an uptick in both the number of phishing attempts and their level of complexity. Some customers may even be the target of multiple “scareware” attacks, where threat actors use the compromised information to generate shock and anxiety in their targets, as to more easily manipulate them."
Users Report Phishing on Twitter
"Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update."
I got that phishing email too. It was crafted very well. It was also sent to an email address that is only associated with Trezor.
Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter
and then those [scammers] will start using browser-in-browser attacks or other techniques that are harder to detect. The fact that there are enough people who fall for low-budget phish bait actually serves to make the rest of us safer, as it makes it uneconomical to spend the time building more sophisticated lures.
Users Confirming Phishing on Reddit
Several other users also confirmed that they were contacted by the same phishing attempt, many on email addresses which were unique and only used for Trezor.[10] TBD expand.
Losses Reported By MrChaBuDuo
MrChaBuDuo reported that he had fallen for the phishing attack[26].
Lost £55,000.
Was not paying attention and was on autopilot, just doing what it said. Was arguing with my gf via Telegram at the time. Bloody hell.
Convincing email, convincing site. Fake programme I downloaded was identical to the real thing.
Hook line and fucking sinker.
What a mug I am. Had been building up my BTC for seven years and lost it in a few minutes' utter stupidity.
Amazing to hear Trezor was using MailChimp.
More amazed that I fell for it: I thought I was savvy. Clearly not.
Sad times, frens. I have become a Normie McNocoiner.
- -(
Edit: yes I entered my keys, because I'm a twat
Edit 2: a lot of people saying they'd never fall for it. I hope they're right. At the time I had not slept enough, was a bit hungover and was distracted. These are the times when you're vulnerable to doing stupid shit. Clearly I am the mong, but never rest on your laurels.
Trezor Acknowledges The Breach
Ultimate Outcome
Trezor completed an investigation on the incident and concluded the breach was related to the third party MailChimp servers.
"Trezor customer order data is purged after 90 days. The data contained in this leak originates from a separate database secured by a third party."
"We are actively warning customers about the ongoing phishing attacks, having published warnings on our website and social media, and also within the Trezor Suite app. Please help us spread the word and minimize the harm these scammers cause."
"We have already taken down many of the malicious sites associated with today’s attack. The team is working around the clock to bring the phishing sites down as soon as possible."
"While Trezor makes an try to determine the idea cause for the state of affairs with an official investigation, prospects are instructed to not click on on on hyperlinks coming from unofficial sources until extra uncover." "The only reason to worry about your funds is if you entered your seed into the malicious app. Your device can not be compromised or affected by this attack without explicitly typing your seed into your computer. Never enter your seed anywhere unless your Trezor device tells you to!"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
While this situation has largely reached a conclusion, there is a potential class action lawsuit against Trezor underway. It is unclear if any investigation is ongoing to trace the funds on the blockchain.
Potential Class Action Lawsuit
Law firm Migliaccio & Rathod LLP are reportedly investigating a potential class action against Trezor "for failing to adequately safeguard consumer information, resulting in a data breach"[28]. The breach, initially reported in March 2022, exposed the email addresses of users who had subscribed to Trezor's newsletter through MailChimp. The leaked email addresses have led to phishing scams targeting hardware wallet owners, aiming to obtain their 12-word recovery seeds and steal cryptocurrency assets. In addition to email addresses, the breach may have exposed users' phone numbers, addresses, and account passwords, which can be exploited in sophisticated attacks on recovery seeds. Users can anticipate an increase in both the number and complexity of phishing attempts, with some potentially experiencing multiple scareware attacks. If affected by the breach, Trezor users are encouraged to contact Migliaccio & Rathod LLP for assistance.
Individual Prevention Policies
Most companies have insecurities. Any information provided to a company may be breached or abused.
Trezor put together a number of tips, but the largest tip is that hardware wallet users should never enter their seed phrase anywhere except on the screen of the hardware device itself. There is never any reason why a seed phrase should be entered on any other device such as a computer when using a hardware wallet.
Protect Your Personal Information
Obviously, anything you can do to minimize the amount of information which you provide to websites will reduce your risk.
Set up separate email addresses for each service, and avoid providing your phone number whenever possible. Any received emails or phone calls must be viewed with scrutiny, especially if unsolicited. Interact with companies only through their official websites and confirm anything with the company directly via multiple official sources, especially if it promises a significant incentive to take an action or threatens access to your funds if an action is not taken. It would be recommended to also establish a network of multiple trusted individuals who use the same services and have a strong level of security knowledge.
Prevent And Minimize Loss Of Funds
In a typical cryptocurrency fraud, malicious actors try to use the available information to convince you to give them authorization to access or transfer funds. This can be accomplished via tricking you into providing a private key or seed phrase, signing a transaction that grants them permission to move funds, or installing malware on your device. In most cases, this will be accomplished via a greed or fear trigger, and you should be on extra guard when experiencing those emotions.
Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc... Never ever send these to anyone else who you do not intend to allow to take all of your money. Attackers will use a wide variety of tactics to convince you like pretending to be your wallet software, pretending they work for the wallet software, or asking you to screen share. Don't fall for them.
Any time untrusted software is being run is an opportunity for abuse. It is recommended to always interact with cryptocurrency in a fully controlled environment, which is an environment where you have understanding of every piece of software running there. Using a hardware wallet, spare computer with all software wiped, and/or virtual machine with only the needed software greatly reduces your attack surface. Take the time to verify downloaded files come from the correct and expected source and match available hashes if provided. Any time you encounter a new file, always check if it can contain executable code prior to using it.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
While the proper solution is to reduce the amount of information collected, a combination of improved security, increased education, and a collective industry insurance fund also provides an alternative to prevent and fully resolve a similar situation.
Inspection of Information Storage
All points along the communication and supply chain should be inspected for vulnerabilities. Common vulnerability points may include DNS, Discord, and customer information. What steps are required to access and/or modify the component? Do any third party companies or organizations implement a proper multi-signature approach? What additional security options are available?
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
Increased Education For Users
Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.
Industry Insurance Fund For Victims
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
While the best solution is to reduce the amount of information collected, a combination of increased education, improved security, and a collective industry insurance fund also provides an alternative to prevent and fully resolve a similar situation.
Private Identity Key Protocol
A key challenge is the increased reliance on an incredible amount of personal data by financial firms. Having this information shared as part of a normal business relationship and floating around on multiple platforms poses a severe risk to all users when it comes to identity theft, phishing attacks, and other targeted criminal activities. While various frameworks have been proposed for how platforms can safeguard this information, they all suffer from the problem of depending on individuals within the organization who can be coerced, bribed, or tricked into violating the policies. They also do not address situations in which customers divulge information to unregulated platforms, either deliberately or by being tricked via a phishing attack. Criminals only need to breach one platform, and the information is permanently exposed to the black market. As an alternative, a single digital access token could be used to validate identity, with the associated personal information stored in a single secure location. The personal information is much less likely to be breached. If the token is breached on any third party platform, the access token can be revoked and swapped with a new token, while criminals have no way of utilizing the old token.
Increased Education For Cryptocurrency Users
Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.
Third Party Security Assessments
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Establish Industry Insurance Fund
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 Our Story - SatoshiLabs (Jul 5, 2023)
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 Trezor - Trezor Wiki Archive April 9th, 2022 2:04:20 AM MDT (May 21, 2022)
- ↑ 3.0 3.1 3.2 3.3 3.4 Trezor Homepage (Feb 20, 2022)
- ↑ 4.0 4.1 4.2 4.3 4.4 4.5 Privacy & Security - Trezor Homepage (Feb 20, 2022)
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8 5.9 Trezor - Initial Setup and Trezor Bitcoin Wallet Review - YouTube (Jun 26, 2023)
- ↑ 6.00 6.01 6.02 6.03 6.04 6.05 6.06 6.07 6.08 6.09 6.10 6.11 6.12 6.13 6.14 6.15 6.16 6.17 6.18 MailChimp - Wikipedia (Jun 28, 2023)
- ↑ 7.00 7.01 7.02 7.03 7.04 7.05 7.06 7.07 7.08 7.09 7.10 7.11 MailChimp Homepage (Jun 28, 2023)
- ↑ Possible data breach for Trezor as users report string of phishing emails - Watcher.Guru (Jun 20, 2023)
- ↑ 9.0 9.1 Mailchimp says an internal tool was used to breach hundreds of accounts - TechCrunch (Jun 28, 2023)
- ↑ 10.0 10.1 Trezor Phishing Scam - Trezor Subreddit (Apr 2, 2022)
- ↑ 11.0 11.1 11.2 Trezor Phishing Scam - Trezor Subreddit Archive April 4th, 2022 4:08:31 AM MDT (Jul 4, 2023)
- ↑ 12.0 12.1 Phishing Email Screenshot - Reddit (Jul 4, 2023)
- ↑ Tomáš Kafka - "Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update." - Twitter (May 21, 2022)
- ↑ 14.0 14.1 josearkanos - "Hey trezor, are you aware of a phishing campaign going on? I just received this email with my actual email on it. It looked very legit." - Twitter (May 21, 2022)
- ↑ 15.0 15.1 Trezor breach? Real or just a scam email? - Bitcoin Subreddit (Apr 2, 2022)
- ↑ 16.0 16.1 16.2 16.3 16.4 16.5 16.6 Trezor wallets hacked? Don’t be duped by phishing attack email - Graham Cluley (Jun 27, 2023)
- ↑ trezor - "We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp. A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain." - Twitter (Jul 6, 2022)
- ↑ Trezor - "MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies." - Twitter (May 21, 2022)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph Archive April 3rd, 2022 4:30:56 AM MDT (Apr 18, 2023)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph (May 21, 2022)
- ↑ WatcherGuru - "JUST IN: Trezor is investigating a possible data breach after several users reported an ongoing email phishing campaign." - Twitter (May 21, 2022)
- ↑ Possible data breach for Trezor as users report string of phishing emails - Watcher.Guru (May 21, 2022)
- ↑ 23.0 23.1 Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - FXEmpire (Jul 5, 2023)
- ↑ Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - Yahoo Finance (May 21, 2022)
- ↑ Trezor Issues Data Breach Warning As Users Cite Phishing Attacks - Yahoo Finance Archive April 3rd, 2022 5:06:26 PM MDT (Apr 18, 2023)
- ↑ 26.0 26.1 26.2 MrChaBuDuo - I fell victim to the Trezor phishing scam - Reddit (Jul 19, 2023)
- ↑ 27.0 27.1 DrRobertBottle - "I got that phishing email too. It was crafted very well. It was also sent to an email address that is only associated with Trezor." - Reddit (Jul 19, 2023)
- ↑ 28.0 28.1 Trezor Cryptocurrency Wallet Data Breach Investigation - Migliaccio & Rathod LLP (May 21, 2022)
- ↑ Mailchimp Suffers a Data Breach - Robinson+Cole's Data Privacy + Cybersecurity Team (Jun 28, 2023)
- ↑ January 2023 Security Incident - MailChimp (Jun 28, 2023)
- ↑ Mailchimp suffers third breach in 12 months - ComputerWeekly (Jun 28, 2023)
- ↑ 32.0 32.1 MrChaBuDuo - "bc1qs0m8x6pha4fvptgl3w9hcgs20npd8pv59l3aca" - Reddit (Jul 19, 2023)
- ↑ GnarWhale99 - "Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter" - Reddit (Jul 19, 2023)
- ↑ GnarWhale99 - "Just checked my spam folder and got one from noreply @trezor.US instead of .io People need to be smarter" - Reddit Archive April 4th, 2022 12:28:12 AM MDT (Jul 19, 2023)
- ↑ gigahydra - "and then those [scammers] will start using browser-in-browser attacks or other techniques that are harder to detect. The fact that there are enough people who fall for low-budget phish bait actually serves to make the rest of us safer, as it makes it uneconomical to spend the time building more sophisticated lures." - Reddit (Jul 19, 2023)