Trezor, a crypto hardware provider has begun investigating a possible data breach that may have compromised users’ email addresses and other personal information.
Several users from the community warned about an ongoing email phishing campaign specifically targeting Trezor users via their registered email addresses with the ultimate intention to steal funds by misleading unwary investors. As part of the attack, users received an email about downloading an app from the ‘trezor.us’ domain, which is different from the official Trezor domain name, ‘trezor.io.’
Trezor initially suspected that the compromised email addresses belong to a list of users who opted-in for newsletters, which was hosted on an American email marketing service provider Mailchimp.
Trezor officially investigates to identify the total number of stolen email addresses, users are advised not to click on links coming from unofficial sources until further notice.