Trezor has announced that on 3 April its users were targeted by phishing attacks sent through the MailChimp newsletter service, which was compromised by an insider who appears to have targeted cryptocurrency companies. The hardware wallet company has decided to suspend newsletters until the situation is resolved.
Trezor and the phishing attack on its users through compromised MailChimp
The hardware wallet company Trezor has confirmed that its users who reported the phishing attack on 3 April were indeed right. The cause appears to have been the compromised MailChimp newsletter service. Here is the announcement on Twitter:
— Trezor (@Trezor) April 3, 2022
“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.
We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity”.
Basically, to prevent the insider from following up by targeting Trezor users, the hardware wallet maker has confirmed that it will no longer communicate via newsletters.
How does the attack work?
According to Trezor itself, it appears that the current attack involves a link in the phishing email newsletter that directs the user to download a Trezor Suite look-alike app, which asks them to connect their wallet and enter their seed.
The seed is compromised as soon as the user enters it into the app, and all funds are immediately transferred to the hacker’s wallet.
Trezor itself calls this phishing attack sophisticated, precise and planned in detail. As an example, one such email read as follows:
“Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet”.
The $600 million attack on Axie Infinity
From hardware wallets to GameFi: the popular blockchain game Axie Infinity also recently suffered a $625 million hack involving Ethereum and USDC.
It was one of the biggest crypto thefts in the history of cryptocurrencies, and certainly the biggest of those carried out against decentralized finance.
The hacker used compromised private keys to forge withdrawals from the Ronin Bridge, stealing 173,600 ETH and 25.5 million USDC.
The hackers breached the cybersecurity of the Ronin Network, the independent blockchain on Ethereum developed by the publishers of Axie Infinity.