Trezor Investigates A Potential Phishing Attack On Its Database

Trezor investigates a potential phishing attack on its database with plenty of users alarming the wallet manufacturer that there’s an ongoing email phishing campaign that targets users via their registered email addresses so let’s take a closer look at today’s latest blockchain news.

Crypto hardware wallet provider Tezos investigates a potential phishing attack and warned of the phishing campaign that targets the Trezor users via their email addresses. In the ongoing attack, a few Tezor users were contacted by unauthorized actors that posed as the real company with the goal to steal funds by misleading unwary investors. As a part of the attack, the users recieved an email about downloading a new app from the website which looked different in its domain. Trezor initially suspected that the compromised addresses belong to a number of users that opted for newsletters that were hosted on the American email marketing service provider Mailchimp:

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.”

Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11

— Tomáš Kafka (@keff85) April 2, 2022

While Trezor investigates to identify the total number of stolen addresses, the users are advised not to click on the links that come from unfamiliar sources until furhter notice. Also, at the end of March, the New Jersey crypto financial institution BlockFi confirmed a data breach to warrant the investors about a potential attack. The hackers managed to gain access to BlockFi’s data which was hosted on Hubspot:

“Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.”

Regarding recent third-party data incident: pic.twitter.com/50z7IrQ1za

— BlockFi (@BlockFi) March 19, 2022

With the specifics of the data are yet to be identified and revealed, BlockFi reassured the users that personal data such as passwords and IDs were not stored on Hubspot.

As recently reported, A week after introducing the Address Ownership Proof Protocol, the wallet company backtracked on the decision due to its customer privacy concerns. Since 2019, Swiss Financial crypto intermediaries required proof of ownership of an external address for BTC withdrawals and deposits to their customers’ noncustodial wallets and one automated mechanism used for this is the Adress Ownership Proof Protocol.  The Trezor hardware wallet introduced AOPP signing as a part of the latest January update a week ago, allowing users to generate signatures that conform to the AOPP standard used in certain jurisdictions. Trezor even announced it will remove the protocol in the next update after consideration of recent feedback.