Hardware Wallet Provider Trezor Targeted in Phishing Attack

A malicious actor pretending to be Trezor sent a false email requesting victims to update their software and change their wallet PIN

by Sebastian Sinclair /

April 4, 2022 08:00 am

Blockworks exclusive art by axel Rangel

Trezor said Saturday its newsletter had been breached by an “insider targeting crypto companies”
The domain linked to the breach, ending in the extension .us, has since been taken down, the provider said

Cryptocurrency hardware wallet provider Trezor said Saturday it was investigating a data breach of its opt-in newsletter hosted on marketing platform MailChimp.

A scam email warning of a breach began circulating last week, according to affected users. Trezor then sent a warning via Twitter asking its users not to open emails originating from the phishing domain “[email protected].”

Users took to social media to warn against the scam email impersonating Trezor and its security team, which prompted victims to download the “latest version of Trezor Suite” and change their wallet PIN.

Newsletter

Subscribe to The Breakdown

Loading Tweet..

The provider has since managed to take down multiple phishing domains targeting users including Trezor.us, according to a follow-up tweet on Sunday.

“MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor said. “We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”

The company also said it would not communicate via its newsletter until the situation is resolved.

Questions have been raised by the community, wondering why the provider had not already registered top-level domains (TLD) including extensions .us, .net, and .com to prevent such attacks.

Still, some argue hackers could easily circumvent TLD registration by imitating the domain name and changing a single character, such as “Trez0r,” to dupe victims.

Trezor did not immediately respond to Blockworks’ request for comment.

This type of attack does not represent a threat to the cryptographic security of the hardware wallet, nor is it the first example of a crypto wallet firm being targeted. Rival hardware wallet manufacturer Ledger suffered a data leak of its marketing database in July 2020, which resulted in its users being the target of phishing attacks and other forms of fraud.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

ERC 8004: Introducing Trust for AI Agents

ERC 8004 introduces a new trust layer for AI agents by standardizing onchain identity, reputation, and validation. As agents begin handling capital and coordinating autonomously, trust becomes the key constraint to broader adoption. The rollout mirrors the early x402 narrative, where adoption lagged the initial launch until major integrations and a viral use case pulled attention into the ecosystem. If ERC 8004 follows a similar path, downstream infrastructure tied to the standard could see outsized benefit as the narrative gains traction. The primary beneficiaries are likely to be agent frameworks and launchpads at the distribution layer, agent to agent coordination platforms that enable delegation and payments, and validation providers that offer stronger security and execution guarantees.

by Kunal Doshi