The Trezor hardware wallet team has reported a leak of customer personal data that occurred on the side of the MailChimp platform, through which the company conducts marketing emails.
According to the project, the attackers have used user information in a phishing attack:
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”
Trezor has stopped marketing emails until the situation is “resolved.” The wallet users have been advised not to open emails purporting to be from the company.
The phishing mailing was carried out from a third-party domain trezor.us, whereas the official domain is trezor.io. Users were asked to download the “latest” version of the Trezor Suit wallet management app.
