Trezor, Mailchimp Hit By Crypto Phishing Scam, What Happens Now?
It has happened again: a cryptocurrency hardware wallet has been hacked. Well, not the wallet itself, but rather the databases and community surrounding it. This time, it’s the turn of Trezor, which found out that a mailing list hosted by centralized marketing service Mailchimp had been compromised, enabling cybercriminals to target Trezor wallet owners with phishing emails.
It’s not clear at this moment in time how much in cryptocurrency has been lost as a result of the phishing scam. However, cybersecurity experts testify that the scam is surprisingly sophisticated, with hackers creating convincing-looking emails claiming to be from Trezor, as well as creating a fake version of the Trezor Suite app in order to steal users’ seed phrases. As such, there’s a very good chance that a significant amount of crypto has been illicitly transferred.
Making matters worse, MailChimp has now confirmed that its breach affected more than just Trezor’s customers, with accounts belonging to 102 companies — mostly in the cryptocurrency and financial sector — also being violated. This could therefore balloon into a very serious security incident for crypto as a whole. Fortunately, we’ve put together a helpful rundown of things you can do to avoid becoming a victim of the phishing exploit.
Phishing Scam Rules for Life
There’s no doubt that scammers are becoming more sophisticated with each passing year. In fact, programmer Tomáš Kafka called the exploit “the best phishing attempt I have seen in the last few years,” and acknowledged that if he had been a Trezor user, he would have likely fallen for it.
Source: Twitter
The Trezor phishing scam consists of genuine Trezor users receiving emails purporting to be from Trezor. Because the messages were sent from “noreply@trezor.us” (please don’t email it), they certainly looked convincing. To make matters worse, they make the highly concerning claim that Trezor has experienced a data breach, and use the anxiety this likely generates to urge users to “download the latest version of Trezor Suite.”
Of course, the link to the latest version of Trezor Suite is entirely fraudulent. It does indeed enable users to download an app, yet that app is a fake Trezor Suite created by the scammers. If users open it and enter their details — most notably their seed phrases — the criminals responsible for the scam will use them, no doubt for less-than-wholesome ends.
This brings us to things that cryptocurrency holders and wallet owners should always do when confronted with an email claiming to be from one of the services they use. Here they are:
- Never click on links in emails you weren’t expecting. Even (or rather, especially) if an email refers to a serious security breach, do not click on any link included in it.
- Instead, first refer to the official website of the company it claims to be from. Check the site for news releases or announcements concerning a security breach, or whatever else the suspicious email refers to.
- Likewise, check the company’s social media channels (e.g. its Twitter) for any announcements. Also, search for news (on social media or via a reliable search engine) on the hack or event.
- If you can find no corroborating news or announcements relating to the strange email, try contacting the company’s support channels if you’re still worried. By doing this, you’ll be able to confirm whether there is a security breach and receive advice on what to do.
- Even if you do find confirmation of a security breach, still don’t click on the link in the original, suspicious email. Hackers may be trying to exploit an actual unfolding situation. Conversely, if you find nothing confirming the email, still don’t click on any links in it. Again, contact support if you’re unsure what to do.
- Never enter your seed recovery phrase. There are some exceptions (obviously when recovering a lost wallet) but, in general, don’t enter your seed recovery phrase and you’ll protect yourself from the vast majority of scams.
These six points cover what any user (whether of Trezor or another cryptocurrency platform) should do if they’re worried about an alarming email. Basically, the cardinal rule is NEVER click on a link in an alarming or suspicious email.
On its own website, Trezor offers some additional advice for anyone concerned that they may have been affected by the phishing scam. It notes that anyone who has entered details into the fake Trezor Suite app should “immediately” move their assets to a wallet with a newly generated seed. That said, it also notes that if you haven’t entered your seed phrase into the fake app, “your funds will not have been compromised.”
Trezor also offers advice on double-checking the email address that has sent suspicious or alarming emails, by clicking on the name of the sender or the address for more details. In Trezor’s case, it always communicates from “@trezor.io” or “@satoshilabs.com” domains, so anything else (e.g. “@trezor.us”) is dangerous. The same goes for any websites or addresses you may be sent to: always check for the official domain.
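The domain check Trezor recommends, together with the “don’t click links” rule from the checklist above, can be turned into a simple triage script. The following is an added example, not code from the article or from Trezor: it parses a raw email, extracts the sender’s domain and every link target in the body, and compares both against the two domains the article names as legitimate. The two sample messages are constructed for the example; the fraudulent download URL is a placeholder, since the article does not reproduce the real one.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article says Trezor actually sends from.
TRUSTED_DOMAINS = {"trezor.io", "satoshilabs.com"}


def domain_of_address(header_value):
    """Return the lowercase domain of an address header, ignoring the display name.

    parseaddr() is used so that a display name such as "noreply@trezor.io"
    cannot masquerade as the real address.
    """
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower()


def is_trusted(domain, trusted=TRUSTED_DOMAINS):
    """True only for an allowlisted domain or a genuine subdomain of one.

    'news.trezor.io' passes; 'trezor.us' and 'trezor.io.evil.example' do not,
    because a match must be on the whole domain or end at a dot boundary.
    """
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in trusted)


class LinkExtractor(HTMLParser):
    """Collects href targets from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_link_domains(body):
    """Return the set of hostnames linked from the body (HTML anchors and bare URLs)."""
    parser = LinkExtractor()
    parser.feed(body)
    urls = list(parser.hrefs) + re.findall(r"https?://[^\s\"'<>]+", body)
    domains = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            domains.add(host.lower())
    return domains


def assess_email(raw_message):
    """Triage a raw RFC 5322 message against the domain allowlist."""
    msg = message_from_string(raw_message)
    sender_domain = domain_of_address(msg.get("From", ""))

    # Gather every text part so multipart and single-part messages are handled alike.
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(parts)

    link_domains = extract_link_domains(body)
    untrusted_links = sorted(d for d in link_domains if not is_trusted(d))
    sender_trusted = is_trusted(sender_domain)
    return {
        "sender_domain": sender_domain,
        "sender_trusted": sender_trusted,
        "link_domains": sorted(link_domains),
        "untrusted_links": untrusted_links,
        "verdict": "suspicious" if (not sender_trusted or untrusted_links) else "allowlist-consistent",
    }


# Constructed sample modelled on the article's description; the download URL is a placeholder.
PHISHING_SAMPLE = """\
From: "Trezor" <noreply@trezor.us>
To: user@example.com
Subject: Security breach: download the latest Trezor Suite
Content-Type: text/html

<p>We have detected a data breach. Download the latest version of Trezor Suite
immediately: <a href="https://suite.trezor-download.example/TrezorSuite.exe">Update now</a></p>
"""

# Constructed benign sample from an allowlisted domain with allowlisted links.
LEGITIMATE_SAMPLE = """\
From: Trezor <noreply@trezor.io>
To: user@example.com
Subject: Firmware release notes
Content-Type: text/plain

Release notes are at https://blog.trezor.io/ and https://suite.trezor.io/
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, assess_email(sample))
```

A passing result here means only that the sender and link domains are consistent with the allowlist; the From header itself can be forged, so this check complements rather than replaces SPF, DKIM and DMARC verification at the mail gateway. The script is also deliberately strict about subdomains: a lookalike that merely contains “trezor.io” as a prefix is rejected.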
MailChimp Exploit Won’t Affect Only Trezor Users
The advice above is something that users of other wallets and cryptocurrency services should keep in mind, since MailChimp has confirmed that the breach of its databases didn’t affect only Trezor. It hasn’t named names, but in a statement to the BleepingComputer website, it has confirmed that “audience data” (most likely mailing lists) from 102 customer accounts (i.e. from the companies it hosts lists for) has also been stolen.
“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” said MailChimp CISO Siobhan Smyth. “We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.”
Smyth also acknowledged that the 102 ‘customers’ were based in the cryptocurrency and finance sectors, echoing what Trezor had stated in an earlier statement.
Source: Twitter
This means that anyone who has registered their email with a cryptocurrency service provider (of whatever kind) should be wary of an increased risk of phishing messages. Again, ignore any email that contains links and instead turn to official company channels and look for updates.
This advice is likely to remain relevant for a long time to come, since even if cryptocurrency and blockchain technology itself is relatively robust from a cybersecurity standpoint, the same can’t be said for the ‘traditional’ tech (such as mail servers) most cryptocurrency service providers continue to use. This is basically what happened to Ledger in 2020, with just over 270,000 of its customers having their contact details stolen as a result of a similar breach.
The moral of this story is to always remain vigilant. That said, the new Trezor phishing scam shouldn’t be taken to mean that crypto is any less safe, or any more illicit, than the rest of the economy. On the contrary: while illicit transfers as a percentage of overall cryptocurrency transactions declined last year, the cost of cybercrime as a whole to the global economy continues to grow. It’s estimated to be worth around $6 trillion in 2021, underlining why the advice above applies even more strongly in sectors outside of crypto.