Hackers target Trezor crypto wallet users after mailing list got compromised

2022-4-5 03:30

Hardware cryptocurrency wallet manufacturer Trezor has divulged that its customers are being targeted by so-called “phishing” attacks after Mailchimp, the firm’s email automation service provider, was “compromised by an insider targeting crypto companies.”

“We are currently investigating how many customers might have been affected following an insider compromise of a newsletter database hosted on Mailchimp,” Trezor wrote in a blog post today, adding:

“The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration. The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.”

Status update on the ongoing phishing attack:https://t.co/IXq1I3Y1i7

— Trezor (@Trezor) April 4, 2022

Keep your app close, keep your seed phrase closer

Further, the attacker is specifically targeting crypto-related companies, Trezor noted. As a result, its wallet users began receiving phishing emails on Sunday, April 3, asking them to click a link that leads to the download page for a “Trezor Suite lookalike app.”

A copy of the phishing email. Image: Trezor

If an unsuspecting user falls into this trap, the malicious app then asks for their seed phrase—basically the private key that gives the perpetrators full access to their crypto holdings. Once entered, the seed gets compromised and users’ funds are immediately transferred to the attackers’ wallet.

“This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”

MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.

We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/

— Trezor (@Trezor) April 3, 2022

Luckily, since potential victims have to actually install the malware on their devices (although there is also a web version), contemporary operating systems should alarm them about its unknown source. “This warning should not be ignored, all official software is digitally signed by SatoshiLabs,” Trezor pointed out.

Stay vigilant

According to Trezor, the firm has already shut down the phishing domain. However, if some users have entered their seed phrases after all, they should immediately move their crypto to a newly generated address (unless it’s already too late, of course).

“If you have not received such an email, there is still a chance your email address has been leaked, so it is best to remain vigilant in case a new wave of emails appear. Compromised email addresses may be targeted again in future so please report any new phishing attempts directly to [email protected].”

Until this issue is resolved, the wallet manufacturer has ceased any newsletter activity. Additionally, users should “not open any emails appearing to come from Trezor until further notice” and make sure they are using anonymous email addresses for “Bitcoin-related activity,” the firm urged.

The post Hackers target Trezor crypto wallet users after mailing list got compromised appeared first on CryptoSlate.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Atomic Wallet Coin (AWC) на Currencies.ru

$ 0.0423963 (+0.00%)
Объем 24H $1.102k
Изменеия 24h: 1.81 %, 7d: 23.44 %
Cегодня L: $0.040096 - H: $0.0423963
Капитализация $449.556k Rank 2166
Цена в час новости $ 0.7937 (-94.66%)

wallet compromised crypto trezor firm mailchimp attacks

wallet compromised → Результатов: 75


Фото:

Bitcoin Wallet Ledger Suffers Data Breach That Exposed Private Data Of 1 Million Users

Cryptocurrency hardware provider Ledger experienced a data leak that led to personal details of customers being compromised. User funds are, however, safe. Details Of The Ledger Data Leak In a blog post on July 29, Ledger revealed that its e-commerce and marketing database was hacked between June and July, leaking one million email IDs and […]

2020-7-29 17:39


Фото:

MasterMana Botnet takes over your machine to empty your cryptocurrency wallet

Cybersecurity researchers have detailed a dangerous botnet specifically targeting businesses to steal sensitive data and cryptocurrency. Dubbed “MasterMana Botnet,” the ongoing campaign is believed to be connected to the “Gorgon Group,” a crew of cyberbaddies linked to worldwide criminal activity and repeated attacks on governments.

2019-10-2 19:57


Bitcoin Wallet Researchers Slam ‘Inappropriate’ Redditor’s Coinomi Complaint

By CCN: CipherBlade, a blockchain security research firm, has published the results of a lengthy investigation into the claims of a Coinomi user. How Were the Funds Truly Compromised? Warith Al Maawali contacted CCN and just about every news outlet he could find with the claim that because Coinomi had sent seed phrases to Google for spellchecking, he had lost his entire life savings.

2019-5-24 11:28


Breaking: Binance exchange gets compromised; 7000 BTC worth $40 million withdrawn by hackers

Binance’s official blog spoke about a security breach in Binance that allowed hackers to get away with 7000 BTCs, a large number of user API keys, 2FA codes, and potentially other info. The blog further added that the targetted attack was on a hot wallet and that only 2% of the total funds in that wallet […] The post Breaking: Binance exchange gets compromised; 7000 BTC worth $40 million withdrawn by hackers appeared first on AMBCrypto.

2019-5-8 03:48


Фото:

Bitcoin wallet Electrum hit by DoS attack from 140,000-strong botnet

The servers of popular Bitcoin wallet Electrum are under heavy attack, and users are advised to be extra careful when using the platform until it’s resolved. A sophisticated botnet of more than 140,000 machines has launched Denial-of-Service (DoS) attacks on Electrum‘s servers, with apparent intent to direct users to compromised versions of the software designed to steal their Bitcoin.

2019-4-8 18:06


Redditor Claims Theft of $70,000 in Life Savings Due to Critical Coinomi Wallet Bug

According to cryptocurrency investor Warith Al Mawali, he has lost all of his life savings in the tune of $60,000 to $70,000 on Coinomi, a widely utilized crypto wallet on Android. In a detailed report, Mawali claimed that a critical vulnerability found on the wallet led to the loss of user funds as it compromised the private key of his wallet.

2019-2-27 16:31


NodeJS package used by the Copay and BitPay apps was modified to load malicious code, BitPay released security update version

A Node.js module called event-stream is used in millions of web applications, including BitPay’s open-source bitcoin wallet — Copay — and this module was reportedly compromised. A user with very little coding activity on GitHub requested publishing rights to the event-stream library from its previous maintainer, Dominic Tarr, who said that he had not maintained […]

2018-11-27 10:45