Trezor Suffers Newsletter Phishing Attack via MailChimp Exploit

Crypto hardware wallet company Trezor has confirmed that some of its users were the target of a phishing attack over the weekend. Trezor tweeted that it was investigating “a potential data breach of an opt-in newsletter hosted on MailChimp” and warned users to avoid opening emails from “”.

“We will not be communicating by newsletter until the situation is resolved,” Trezor advised in a later post. “Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.”

Fake Security Breach Used as Bait

Trezor users shared warnings and screenshots of the phishing attempt from April 2, some noting it was a bare-faced ruse to induce users to download malicious code under the guise of Trezor’s Suite desktop app by alleging a fake security breach at the company:

A Trezor Good News Story

In a rare good news story associated with a similar incident in January, a hacker using the handle ‘Kingpin’ was able to bail out a user who’d forgotten the PIN to his Trezor One hardware wallet.


Kingpin later posted a video demonstrating how he managed to retrieve the user’s PIN:

Phil Stafford

Phil Stafford

Phil is a long-standing Australian journalist with specialised experience in business, finance, travel and popular culture.

You may also like