
COMMENT: Fake Trezor data breach emails used to steal cryptocurrency wallets

April 2022 by Zac Warren, Senior Director of Cybersecurity Advisory – EMEA at Tanium

This morning it was reported that a Trezor hardware wallet mailing list was compromised and used to send fake data breach notifications in an attempt to steal cryptocurrency wallets and the assets stored within them.

Trezor confirmed on Twitter that these emails were a phishing attack sent through one of their opt-in newsletters hosted at MailChimp. Trezor later said that MailChimp allegedly confirmed their service was compromised by an "insider" targeting cryptocurrency companies.

The security incident involved data belonging to 106,856 of Trezor’s customers.

In response to this, a comment from Zac Warren, Senior Director of Cybersecurity Advisory – EMEA at Tanium:

“This attack is a reminder that links in emails should always be checked to ensure that they aren’t harmful, even if it looks like the email has come from a reliable source. Attacks launched by insiders are particularly dangerous because the emails were sent from a genuine source, so recipients would have to look very closely at the email to notice something wasn’t right.

Other cryptocurrency and digital wallet companies should now be checking if they have fallen victim to the same attack; if they have, then it’s important to respond to the incident as quickly as possible. In the event of a breach, it’s vital that IT teams have comprehensive visibility of their IT estate. This helps them to identify what parts of their network have been compromised and to locate the attacker and stop any further damage. Visibility will also give organisations an indication of whether sensitive data might have been accessed, which is important for several reasons including compliance.

Staff training is another important element of preventing phishing attacks like this. By educating staff about the dangers and how they can identify a potential threat, organisations can prevent some of these attacks at the first step. Even if a breach does take place, staff training can help IT teams tackle the problem at an early stage and minimise the damage. Staff training should be included in any cyber hygiene program along with the visibility and control of endpoints and networks.”

