Privacy Ninja




Fake Trezor Data Breach Emails Used to Steal Cryptocurrency Wallets

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.

Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

When setting up a new Trezor, a 12 to 24-word recovery seed will be displayed that allows owners to recover their wallets if their device is stolen or lost.

However, anyone who knows this recovery seed can gain access to the wallet and its stored cryptocurrencies, making it vital to store the recovery seed in a safe place.

Starting today, Trezor hardware wallet owners began receiving data breach notifications prompting them to download fake Trezor Suite software that would steal their recovery seeds.

Trezor confirmed on Twitter that these emails were a phishing attack sent through one of their opt-in newsletters hosted at MailChimp.

Trezor later said that MailChimp allegedly confirmed their service was compromised by an “insider” targeting cryptocurrency companies.


Trezor tweet

BleepingComputer has contacted MailChimp to learn more about this compromise but has not received a reply at this time.

A deeper look at the Trezor attack

The phishing attack started with the Trezor hardware wallet owners receiving fake security incident emails claiming to be a data breach notification.

“We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers, and that the wallet associated with your e-mail address [email here] is within those affected by the breach,” reads the fake Trezor data breach phishing email.

Fake data breach notification from Trezor
Source: Twitter

These fake data breach emails say that the company does not know the extent of the breach and that owners should download the latest Trezor Suite to set up a new PIN on their hardware wallet.


The email includes a ‘Download Latest Version’ button that brings the recipient to a phishing site that appears in the browser as

However, the website uses an internationalized domain name, encoded in Punycode, which lets the attackers impersonate the legitimate domain with accented or Cyrillic characters. The actual domain name is suite.xn--trzor-o51b[.]com.
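A defender can catch this kind of lookalike by decoding each `xn--` label and folding it to an ASCII skeleton before comparing it with protected brand names. The following is an added example, not code from the article or from Trezor; the `PROTECTED` set, the small `CONFUSABLES` table and the `.example` hostname are assumptions made for illustration.

```python
import unicodedata

# Assumption: brand labels to protect; "trezor" comes from the article.
PROTECTED = {"trezor"}

# Assumption: a small constructed subset of Cyrillic letters that render like
# Latin ones. Production checks should use the full Unicode confusables data.
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456", "aeopcxyi"
)


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding Punycode if present."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def skeleton(text):
    """Fold a label to a comparable ASCII form: drop accents, map confusables."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLES).lower()


def lookalike_labels(host):
    """Return (raw, decoded, brand) for each label imitating a protected brand."""
    hits = []
    # Accept defanged input such as "example[.]com" as written in reports.
    for raw in host.replace("[.]", ".").strip(".").lower().split("."):
        try:
            decoded = decode_label(raw)
        except UnicodeError:
            hits.append((raw, None, "undecodable"))
            continue
        if decoded.isascii():
            continue  # plain ASCII labels are handled by exact allowlist matching
        brand = skeleton(decoded)
        if brand in PROTECTED:
            hits.append((raw, decoded, brand))
    return hits


if __name__ == "__main__":
    # First hostname is the one quoted in the article; the second is constructed.
    for sample in ("suite.xn--trzor-o51b[.]com", "suite.trezor.example"):
        print(sample, "->", lookalike_labels(sample))
```

The same check can run in a mail gateway or proxy log pipeline over link hostnames, with any hit routed for review rather than delivered.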

It should be noted that the legitimate Trezor website is

This fake site prompts users to download the Trezor Suite application, as shown below.

Phishing site pushing fake Trezor Suite
Source: BleepingComputer

In addition to the suite.xn--trzor-o51b[.]com website, the threat actors also created phishing sites at the URLs:

http://suite.trezoriovpjcahpzkrewelclulmszwbqpzmzgub37gbcjlvluxtruqad[.]onion/ (Tor site)

When a visitor chooses to download the desktop app, the phishing site serves a fake Trezor Suite application named ‘Trezor-Suite-22.4.0-win-x64.exe’.

As you can see below, the legitimate Trezor Suite application is signed using a certificate for “Satoshi Labs, s.r.o.” and the fake Windows version [VirusTotal] is signed by a certificate from “Neodym Oy” (right).

Comparison of digital signatures for fake and legitimate Trezor Suite downloads
Source: BleepingComputer

As the Trezor Suite is open source, the threat actors downloaded the source code and created their own modified app that looks identical to the original, legitimate application.

Ironically, this fake suite even includes Trezor’s warning banner about phishing attacks at the top of the application’s screen.

Fake Trezor Suite software
Source: BleepingComputer

However, once Trezor owners connect their device to the fake Trezor Suite app, it will prompt them to enter their 12 to 24-word recovery phrase, which is sent back to the threat actors.

Once the threat actors have the recovery phrase, they can import it into their own wallets and steal victims’ cryptocurrency assets.

An almost identical attack targeted Ledger hardware crypto wallet owners with phishing attacks leading to fake Ledger Live software.

What should Trezor owners do?

First and foremost, never enter your recovery seed in any app or website. The seed should only be entered directly on the Trezor device you are trying to recover.

As it is easy to create lookalike domains that impersonate legitimate sites, when it comes to cryptocurrency and financial assets, always type the domain you’re trying to reach into your browser rather than relying on links in emails.

This way, you know you are going to the legitimate site rather than a site impersonating it.

Furthermore, Trezor’s official website is at, so other domains, such as, are unrelated to the crypto hardware wallet company.

Finally, disregard any emails claiming to be from Trezor stating that you were affected by a recent data breach. If you are concerned, rather than click on the link in these emails, contact Trezor directly for more information.


