Following a breach at the email marketing provider MailChimp, a phishing campaign is targeting the Trezor mailing list.
Some users of the Trezor hardware wallet received phishing emails after a breach at a third-party service used by SatoshiLabs, the company behind Trezor, exposed the company's mailing list. The attacker appears to have obtained thousands of email addresses associated with the hardware wallet maker.
According to Andreas M. Antonopoulos, the source of the leak is unambiguous: some recipients use an email address dedicated solely to their Trezor account, and those addresses received the phishing email. The emails themselves were phishing for recovery seeds, which give whoever holds them full control of the wallet's funds.
A Different Domain Than SatoshiLabs
The suspicious email originated from a domain different from the one SatoshiLabs normally sends from. It was identified as malicious because it contained a link prompting recipients to download a new "Trezor Suite". Since SatoshiLabs does not put links in its emails, it was apparent to experienced users that they were dealing with an attempt to phish for their recovery seeds.
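The two signals described above, a sender domain that is not the vendor's and a link pointing off the vendor's domain, are easy to check mechanically. The following Python script is an added example, not code from the article or from SatoshiLabs: it parses a raw email with the standard library, compares the sender domain and every linked host against an assumed allowlist (`trezor.io`, `satoshilabs.com`), and flags body text that asks for a seed or private key. Both sample messages are constructed for the example; the lookalike domains in them are invented.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of domains the vendor legitimately sends from and links to.
TRUSTED_DOMAINS = {"trezor.io", "satoshilabs.com"}

# Phrases that a legitimate vendor email would never use to solicit input.
SEED_KEYWORDS = ("seed", "recovery phrase", "private key")

# Constructed sample: lookalike sender plus a link to a fake "Trezor Suite" download.
SAMPLE_PHISH = """\
From: Trezor <noreply@trezor-suite-update.example>
To: user@example.net
Subject: Urgent: your Trezor data is corrupted
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Trezor Suite file is corrupted. Download the new Trezor Suite
<a href="https://suite.trezor-update.example/download">here</a> and import your seed.</p>
</body></html>
"""

# Constructed sample: plain-text notice from the real domain, no links, no seed request.
SAMPLE_LEGIT = """\
From: Trezor <noreply@trezor.io>
To: user@example.net
Subject: Firmware release notes
Content-Type: text/plain; charset="utf-8"

A new firmware version is available. Open Trezor Suite to update.
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_trusted(domain):
    """True if domain is an allowlisted domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def sender_domain(msg):
    """Domain of the From: address (the display name is ignored on purpose)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def body_text(msg):
    """Concatenated text of all text/plain and text/html parts."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            chunks.append(part.get_content())
    return "\n".join(chunks)


def analyse(raw):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    dom = sender_domain(msg)
    if not is_trusted(dom):
        findings.append(f"sender domain {dom!r} not in trusted set")

    text = body_text(msg)
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not is_trusted(host):
            findings.append(f"link to untrusted host {host!r}")

    lowered = text.lower()
    for kw in SEED_KEYWORDS:
        if kw in lowered:
            findings.append(f"body mentions {kw!r}")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(sample) or "clean")
```

The check deliberately ignores the display name ("Trezor") and looks only at the address domain, since a display name is attacker-controlled. Treating every non-allowlisted link as a finding matches the vendor's stated practice of not sending links at all, so for this mailing list a single link is enough to escalate.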
Security Breach at Mailchimp targets Crypto Customers for Phishing Scams. Yesterday I was targeted for a Trezor related phishing scam. I wrote a quick post on Patreon to discuss what happened and what NOT to do. Please be careful out there friends. https://t.co/o2ZLC5Nqad
— Andreas (@aantonop) April 4, 2022
According to a blog post, the email tried to get recipients to enter their recovery seed by telling them that their wallet data had been corrupted. Anyone who imported their seed into the attacker's software would hand over control of the wallet and lose their assets.
A standard phishing tactic is to tell wallet owners that they must enter their 12- to 24-word seed phrase to avoid losing funds to corruption. In practice, whoever receives the seed can reconstruct the wallet's private keys, so entering it anywhere other than the hardware device itself means irrevocable loss of the coins in the wallet.
The compromise that exposed the SatoshiLabs mailing list did not originate at the company itself. It came from a breach at MailChimp, the email marketing service that SatoshiLabs uses. MailChimp is a popular provider used by some of the largest fintech companies.
Even though experienced users will not fall for the trick, many less savvy users could lose their seeds to the scam. In 2020, Ledger's customer list was leaked, and some users of that hardware wallet were subsequently phished out of their recovery seeds. A rule of thumb for avoiding seed phishing: never type a recovery seed into anything other than the hardware wallet itself, and never into a computer, phone, browser or website.