Trezor, a hardware cryptocurrency wallet, was targeted in a phishing attack in which emails were sent through one of its opt-in newsletters hosted at MailChimp.
A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.
Trezor hardware wallet owners began receiving data breach notifications prompting them to download fake Trezor Suite software that would steal their recovery seeds.
However, MailChimp confirmed that their service was compromised by an "insider" targeting cryptocurrency companies.
TPRM report: https://scoringcyber.rankiteo.com/company/trezor
"id": "tre03728522",
"linkid": "trezor",
"type": "Breach",
"date": "04/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Hardware Cryptocurrency Wallet',
'name': 'Trezor',
'type': 'Company'},
{'industry': 'Email Marketing',
'name': 'MailChimp',
'type': 'Company'}],
'attack_vector': ['Email',
'Fake Data Breach Notifications',
'Fake Software Download'],
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Recovery Seeds',
'Cryptocurrency Wallets']},
'description': 'Trezor, a hardware cryptocurrency wallet, was targeted in a '
'phishing attack through emails as they were sent through one '
'of their opt-in newsletters hosted at MailChimp. A '
'compromised Trezor hardware wallet mailing list was used to '
'send fake data breach notifications to steal cryptocurrency '
'wallets and the assets stored within them. Trezor hardware '
'wallet owners began receiving data breach notifications '
'prompting recipients to download a fake Trezor Suite software '
'that would steal their recovery seeds. However, MailChimp '
"confirmed that their service was compromised by an 'insider' "
'targeting cryptocurrency companies.',
'impact': {'data_compromised': ['Recovery Seeds', 'Cryptocurrency Wallets']},
'initial_access_broker': {'entry_point': 'Email'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Compromised Mailing List'},
'threat_actor': 'Insider',
'title': 'Phishing Attack on Trezor Hardware Wallet Users',
'type': 'Phishing',
'vulnerability_exploited': 'Compromised Mailing List'}