Home Foren Trezor Wallet Wir untersuchen einen möglichen Datenschutzverstoß bei einem Opt-in-Newsletter, der auf MailChimp gehostet wird.

Ansicht von 21 Antwort-Themen
  • Autor
    Beiträge
    • #820331
      root_s2yse8vt
      Administrator
      Up
      0
      Down
      ::

      MailChimp hat bestätigt, dass ihr Dienst von einem Insider kompromittiert wurde, der es auf Kryptounternehmen abgesehen hat. Es ist uns gelungen, die Phishing-Domain offline zu nehmen. Wir versuchen zu ermitteln, wie viele E-Mail-Adressen betroffen sind.

      Es kursiert eine betrügerische E-Mail, die vor einer Datenpanne warnt. Öffnen Sie keine E-Mails, die von folgenden Adressen stammen [noreply@trezor.us](mailto:noreply@trezor.us), es handelt sich um eine Phishing-Domäne.

      Bis die Situation geklärt ist, werden wir nicht per Newsletter kommunizieren. Öffnen Sie bis auf Weiteres keine E-Mails, die von Trezor zu stammen scheinen. Bitte stellen Sie sicher, dass Sie anonyme E-Mail-Adressen für Bitcoin-bezogene Aktivitäten verwenden.

      UPD: Status-Update über den laufenden Angriff: [https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304](https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304)

    • #820332
      Photolunatic
      Gast
      Up
      0
      Down
      ::

      I did not sign in for MailChimp newsletter but purchased a wallet straight from you. The scam came to the same email I gave to Trezor to get confirmation of the order.

      I am not a happy bunny and would like some answers.

    • #820333
      lookingaroundblind
      Gast
      Up
      0
      Down
      ::

      Its malware.

      This is a complete failure on Trezors mods and Reddit admins to control disinfo on their sub.

      The issue was clearly reported almost 20 hours ago and each and every thread was massively downvoted to the point it would not show up on mobile app.

      ​

      [https://www.reddit.com/r/TREZOR/comments/tv0axk/trezor_malware_phish_yup_its_bad_snake_keylogger/](https://www.reddit.com/r/TREZOR/comments/tv0axk/trezor_malware_phish_yup_its_bad_snake_keylogger/)

      ​

      Its been posted countless times, all threads on all subs were downvoted to oblivion. 🙁

    • #820334
      Midar3
      Gast
      Up
      0
      Down
      ::

      u/disco_tancuj, you should look into the heavy downvoting attack going on right now to surpress any mention of the scam. Even your post is downvoted into oblivion.

    • #820335
      BitcoinAcc
      Gast
      Up
      0
      Down
      ::

      Please do also post this information in the relevant sticky thread over at r/Bitcoin:

      WARNING TREZOR USERS: The email from noreply@trezor.us is FAKE. Do not click the link! from Bitcoin

    • #820336
      anon13145088
      Gast
      Up
      0
      Down
      ::

      related phishing addresses (AVOID!):
      noreply@trezornews.io
      noreply@satoshilabs.co
      ţrezor.com

    • #820337
      IAmIntractable
      Gast
      Up
      0
      Down
      ::

      My second set of emails came from sitoshilabs.co

    • #820338
      busybeeback
      Gast
      Up
      0
      Down
      ::

      You should send out an email saying the other emails are scams.

    • #820339
      Photolunatic
      Gast
      Up
      0
      Down
      ::

      Trezor was bosting that they managed to ban those spamming domains but…

      spammers managed to secure other domains to spam from

      1. https://suite.trezoŕ dot com
      2. noreply at satoshilabs.co
      3. suite[.]xn--rezor-6db[.]com
      4. suite.ţrezor[.]com
      5. noreply@trezornews[.]io
      6. ţrezor[.]com
      7. sitoshilabs[.]co

      TREZOR you will not recover from this. Such an amateur level of security.
      Shame on you.

    • #820340
      brianddk
      Gast
      Up
      0
      Down
      ::

      This is why `DKIM` is important. Since nothing from `trezor.io` with a valid `DKIM` signature, ignoring the phish should be a no-brainer.

      Not that any phish should convince someone to type their seed. But `DKIM` tests should definitely be used regardless.

    • #820341
      pieceofmind199
      Gast
      Up
      0
      Down
      ::

      Lots of questions emerging, now we’d like to know how is Trezor protecting its software distribution infrastructure: https://www.reddit.com/r/TREZOR/comments/tuxgdv/how_to_verify_trezor_suite_download_is_authentic/

    • #820342
      brunogeronimo
      Gast
      Up
      0
      Down
      ::

      I wrote an article about my investigations on the case, in case someone is interested:

      https://bruno.ge/en/trezor/

    • #820343
      LovelyDayHere
      Gast
      Up
      0
      Down
      ::

      > MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.

      Please post whatever information you can about this alleged MailChimp issue, as it seems very serious and perhaps others can avoid further problems if more aware of the further details, like any relevant MailChimp announcements / communications / info links.

    • #820344
      call_me_at_1800
      Gast
      Up
      0
      Down
      ::

      So what does this mean ? are our wallets safe still ? I didn’t get no email thankfully .

    • #820345
      [deleted]
      Gast
      Up
      0
      Down
      ::

      I got the fake email this morning, and it’s pretty convincing. Be careful. If you check the email, it comes from the **fake email address** [trezor.us](https://trezor.us). Delete the email, don’t click on the link and you should be safe.
      However, my email address was in the email and I want to know why. I bought my Trezor directly from you and trusted you but I start to have doubts. Trezor?

    • #820346
      Photolunatic
      Gast
      Up
      0
      Down
      ::

      Seriously you are having a laugh Trezor.
      Announcement on Twitter as everybody uses it and follows you!
      Such a dumb idea.
      Even your Twitter posts are spammed now!@

      There should be a clear message on your main site: trezor.io
      Your reputation is ruined.

    • #820347
      KotKosmonavt
      Gast
      Up
      0
      Down
      ::

      Only windows ? Or Mac os too ?

    • #820348
      EfraimK
      Gast
      Up
      0
      Down
      ::

      “compromised by an insider targeting crypto companies.” Just goes to show why it’s safer NOT to provide personally identifying data to companies. When the stakes are high enough, even malicious internal actors are tempted to breach customer trust. Lesson I’ve learned: if I can’t do business without divulging personal info (mobile #, non-disposable email address…) I’ll just have to miss the opportunity. 🙁

    • #820349
      Feisty_Win_5098
      Gast
      Up
      0
      Down
      ::

      There is a high probability that the data of the customer who purchased the hardware and the email address of the registered newsletter overlap by 90 percent.Threads that post about such events are still **unable to upvote**. It was an **’excellent’** decision to host the data and the official response to this was quite **’quick’**.

      Well done mate!

    • #820350
      JarAC77
      Gast
      Up
      0
      Down
      ::

      Trezor, Ledger, now they are officially the same thing

    • #820351
      atlantarunning
      Gast
      Up
      0
      Down
      ::

      How does one use an “anonymous email address”?

    • #820352
      mkin11
      Gast
      Up
      0
      Down
      ::

      Hi,

      I happen to have clicked on the update and both my bitcoin and Ethereum coins in my wallet were withdrawn to unknown addresses in a space of 4 minutes interval.

      Can someone advise me on the best possible course of action to take right now?

Ansicht von 21 Antwort-Themen
  • Du musst angemeldet sein, um auf dieses Thema antworten zu können.