Trezor, a popular Bitcoin (BTC) hardware wallet, has revealed that its newsletter has been compromised, warning users of phishing attacks — but the team’s chief information security officer (CISO) shared tips on how to stay crypto-safe just days earlier.
The incident comes several days after Jan Andraščík, CISO of SatoshiLabs, the team behind Trezor, published a detailed guide instructing crypto users on how to improve their security. In the article, Andraščík shared 10 tips that could lower “your chances of being attacked.”
In the first place, he emphasized the importance of having strong, unique passwords. He suggested passwords be 12 or more characters and include both lowercase and uppercase characters, digits, and special symbols.
Secondly, he recommended the use of multifactor authentication. There are various types of multifactor authentication, but SMS authentication and software-based authentication are the most widely used methods.
Other tips include:
- use up-to-date software: outdated softwares are vulnerable and a likely vector of attacks for scammers;
- use genuine software: non-genuine softwares usually can provide malicious third-party actors access to operating systems and other files;
- avoid public Wi-Fis: bad actors can use public Wi-Fis to obtain sensitive information;
- beware of phishing attacks: always check the sender, check the text, and check the links shared via messages before clicking them;
- protect from malware: use antivirus and malware protection;
- make sure to know about the latest trends around cyber security;
- backup your data;
- encrypt your data.
The company confirmed the attack in a Sunday morning tweet, saying that they are “investigating a potential data breach of an opt-in newsletter hosted on MailChimp.”
Trezor warned that:
“A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.”
Some Trezor users took it to Twitter early Sunday to reveal a suspicious email they received from Trezor via their registered email addresses.
The email claims that the company has “experienced a security incident” that breached the data of 106,856 users. It then asks users to download Trezor’s latest version, which is actually a version of the company’s desktop suite software from a replica website.
In the latest update, Trezor said “MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies,” adding that they have managed to take the phishing domain down.
“We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice,” they said. “Please ensure you are using anonymous email addresses for bitcoin-related activity.”
____
Learn more:
– Bitcoin & Crypto Wallet Hygiene 101
– Crypto Wallet Trends in 2022: More Privacy, Security, Features, and Choice
– Trezor Halted Wallet Shipments to Russia and Ukraine
– Trezor Ditches a Controversial KYC Feature, Plans Features to ‘Cut Off Regulatory Overreach’
– Two European Parliament Committees Pass Controversial Crypto Regulation of ‘Unhosted Wallets’
– EU Draft Regulation Threatens Crypto Industry But the Fight Is Not Over Yet
