Phishing Email Attack Targets Trezor Mailing List


Following a compromise at the email service company MailChimp, a phishing email attack targeted the Trezor mailing list.

Some users of the Trezor hardware wallet received phishing emails following a breach at a third-party service used by SatoshiLabs, which led to the compromise of the company’s mailing list. It seems that the hacker gained access to thousands of email addresses associated with the hardware wallet maker.

According to Andreas M. Antonopoulos, it is obvious that the emails were phishing for the private keys of the wallet, because some of the recipients had received them at email addresses dedicated solely to their Trezor wallets.

A Different Domain Than SatoshiLabs

The suspicious email originated from a domain different from the usual SatoshiLabs domain. The email was proven to be malicious because it contained a link prompting recipients to download a new “Trezor Suite”. Since SatoshiLabs is not in the practice of putting links in its emails, it became apparent to experienced users that they were dealing with an attempt to phish for their private keys.

According to a blog post, the intent of the email was to prompt the recipient to upload their private keys by informing them that their original file was corrupted. If they imported their seeds, this would clearly lead to the loss of their assets.

A standard phishing practice is to inform wallet owners that they need to import their 12- to 24-word seed phrase to avoid losses due to corruption. In practice, doing this leads to an irrevocable loss of access to the wallet and the coins that are in it.

MailChimp Connection

The compromise that led to the exposure of the SatoshiLabs mailing list did not originate from the company itself. It came from a breach at a third party, MailChimp, the email software management company that the hardware wallet maker uses. MailChimp is a popular service provider used by some of the top fintech companies.

Even though experienced users won’t fall for phishing tricks, it is possible that many less savvy users would lose their seeds to the scam. Last year, Ledger’s email list was compromised, leading to the loss of private keys by some users of the hardware wallet. A rule of thumb in avoiding phishing scams is never to type recovery seeds into any platform that is not your hardware wallet.


Author: Jofor Humani

Jofor is a crypto journalist with a passion for investigative reviews.