Hardware Wallet Provider Trezor Targeted in Phishing Attack

A malicious actor pretending to be Trezor sent a false email requesting victims to update their software and change their wallet PIN

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Trezor said Saturday its newsletter had been breached by an “insider targeting crypto companies”
  • The domain linked to the breach, ending in the extension .us, has since been taken down, the provider said

Cryptocurrency hardware wallet provider Trezor said Saturday it was investigating a data breach of its opt-in newsletter hosted on marketing platform MailChimp.

A scam email warning of a breach began circulating last week, according to affected users. Trezor then sent a warning via Twitter asking its users not to open emails originating from the phishing domain “[email protected].”

Users took to social media to warn against the scam email impersonating Trezor and its security team, which prompted victims to download the “latest version of Trezor Suite” and change their wallet PIN.

Loading Tweet..

The provider has since managed to take down multiple phishing domains targeting users including Trezor.us, according to a follow-up tweet on Sunday.

“MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor said. “We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”

The company also said it would not communicate via its newsletter until the situation is resolved.

Questions have been raised by the community, wondering why the provider had not already registered top-level domains (TLD) including extensions .us, .net, and .com to prevent such attacks.

Still, some argue hackers could easily circumvent TLD registration by imitating the domain name and changing a single character, such as “Trez0r,” to dupe victims.

Trezor did not immediately respond to Blockworks’ request for comment.

This type of attack does not represent a threat to the cryptographic security of the hardware wallet, nor is it the first example of a crypto wallet firm being targeted. Rival hardware wallet manufacturer Ledger suffered a data leak of its marketing database in July 2020, which resulted in its users being the target of phishing attacks and other forms of fraud.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.png

Research

Despite ending its points program, Hyperliquid has maintained a dominant market position with 77% of perpetuals DEX volumes, though overall volume has decreased from early 2025. It is the only DEX that has been able to compete with CEX volumes. Hyperliquid's success stems primarily from rapid, relevant token listings and superior UX for users and market makers, particularly its API - which is how market makers interact with the protocol. The controversial oracle price override during the JELLY incident exposed risks in the Hyperliquid Liquidity Pool (HLP), though the team has since implemented risk management adjustments. The HyperEVM is currently underoptimized and lacks necessary precompiles, but represents an important strategic expansion to enable asset issuance and DeFi composability.

article-image

Securitize announced it acquired a crypto-focused fund administration firm

article-image

ETH’s success hinges on the resource of data availability, particularly how much it sells to L2s

article-image

Solayer’s Emerald Card integrates SolanaID so users can build their “onchain reputation.”

article-image

In 2011, bitcoin blew past the one-dollar event horizon and never looked back

article-image

Sponsored

Transferability of WCT brings the onchain economy closer to a more open, permissionless, and community-driven experience

article-image

Taking a look at the biggest stablecoin players and where they stand