Trezor, a hardware wallet maker, has acknowledged to users that it was the target of a phishing attempt on Saturday.
This happened after bad actors posing as the company sent out an email claiming that [Trezor] had suffered a security breach that exposed some of its customers’ data. The email then instructed users to update their Trezor Suite and change their pin.
Because it was shared on Twitter, many users mistook the email for a real one. The company was able to clear up the situation, disclosing that the email did not come from Trezor, but rather from unauthorized actors unrelated to the company.
Trezor declared that it is investigating “a potential data breach of an opt-in newsletter hosted on MailChimp.” It also divulged that the breach focused on crypto companies and told its clients to not open any emails that arrive from the noreply@trezor.us address.
Instead of trezor.io, the phishing email included a download link with trezor.us as the domain name. Investigations into the scope of the attack are still ongoing as of press time, however Trezor has discontinued its newsletter pending more information.
Users should not open any email from Trezor till further notice, according to the hardware wallet, which has shut down certain domains that attackers could exploit. It further requested that users exclusively utilize anonymous email addresses for crypto-related transactions.