In early April 2022, Trezor hardware wallet owners received suspicious emails urging them to update their software. One of the largest phishing campaigns in the history of the Web3 segment was attempted through these letters.
CoinLoan’s fraud detection team thwarts the attack
Cryptocurrency holders who use Trezor’s popular hardware wallets began receiving suspicious emails on April 3, 2022. There was no indication that the messages were spam, and it looked like the source was a reputable hardware wallet company.
Based on CoinLoan’s investigation, links to the letters directed users to malicious websites with a homoglyph-added letter “e” in the word “Trezor”. Software on fraudulent websites was capable of stealing funds from users by compromising their seed phrases.
Upon detecting the malicious web domains, CoinLoan’s fraud detection team was able to reveal their IP addresses and hosting providers. Upon being notified of the fake domains, the providers removed them immediately.
The next portion of IPs was also flagged by CoinLoan representatives, even though hackers tried to use them. In response, the team uploaded the binaries to VirusTotal and notified the global cybersecurity community.
The failed attack was executed through MailChimp, a popular email marketing platform, where an unknown insider accessed its internal mechanisms and organized the phishing campaign.
Lessons to be learned from this case
Although Trezor had nothing to do with the attack, CoinLoan experts believe it is a wake-up call for the industry. Customers’ sensitive data, security, and privacy are often not protected by established and mainstream services. These failures lead to the general public believing that digital assets are associated with scams and fraud.
In this Web3 space evolution, high-level security practices, like those used by CoinLoan, can no longer be optional. This incident also highlights the vulnerability of some noncustodial services to attacks that don’t affect their custodial competitors.
While noncustodial services need to integrate third-party marketing mechanisms, CoinLoan has the strongest data protection policies to protect its customers’ funds from being accessed or moved in an unauthorized fashion.
How is CoinLoan revolutionizing digital asset lending?
CoinLoan is a comprehensive ecosystem that offers crypto borrowing, earning, and swapping modules. In this way, idle cryptoassets can be monetized.
In Q2, 2022, CoinLoan incorporated dozens of cryptoassets.
APYs of up to 12.3% can be earned by depositing crypto tokens, including USDT, USDC, and TUSD stablecoins. Crypto holders can boost available APYs with CoinLoan’s native token, CLT.
Furthermore, crypto owners can use their digital assets as collateral for loans, thus eliminating the need to sell their cryptos.
Crypto-friendly businesses can borrow bitcoins and major altcoins using CoinLoan’s corporate products.
CoinLoan has been operating as an EU-licensed business since 2017. Offering Instant Loans, Interest Account in crypto, and Crypto Exchange, its services are available to both individuals and corporations, subject to legal requirements. Both corporate and private clients of CoinLoan can benefit from a high level of security standards.
High customer retention and satisfaction are attributed to its highly competitive loan and APY rates, transparent pricing, and 24/7 customer support. CoinLoan allows users to swap and manage a wide variety of cryptocurrencies, including its native token, as well as fiat currencies on its platform.
With state-of-the-art technology and strategic partnerships, the company offers customers continuous upgrades and opportunities in the world of cryptocurrency.
For more information, please visit us at https://coinloan.io/.
subscribe to our newsletter.
The information provided by CoinLoan (“we,” “us,” or “our”) in this text is for general informational purposes only. All investment and financial opinions expressed by CoinLoan in this text are from the personal research and open information sources and are intended as educational material. All outlined information is provided in good faith. However, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information in this text.