The owners of Trezor, a popular manufacturer of cryptocurrency hardware wallets, have been targeted with fake data breach emails, according to a tweet posted by the Prague-based company.
The incident was linked to the popular email marketing service platform Mailchimp, which has been compromised by an insider in order to send malicious links to cryptocurrency firms.
Those users who have subscribed to one of the newsletters powered by Mailchimp received a slew of fake notifications. Fraudsters, who were impersonating the Trezor team, warned that the cryptocurrency holdings of their potential victims could be stolen due to a massive security breach.
The bad actors behind the scam attempted to lure the recipients of the aforementioned emails into downloading a fake version of Trezor Suite software from a fraudulent domain that look like the real deal and trap them into entering their seed phrase.
The bogus domain name featured Punycode characters, which made it possible for the hackers to add a veneer of legitimacy to the fake app.
The recovery seed is the most crucial element of any wallet. It is a list of words that allow easily regaining access to one’s cryptocurrency holdings. The rule of thumb is to never enter your seed phrase on any site. Nevertheless, there have been countless victims who have been careless and clueless enough to disclose their seed phrases.