A malicious actor, pretending to be from Trezor, sent a false email requesting victims to update their software and change their wallet PIN

Cryptocurrency hardware wallet provider Trezor said Saturday it was investigating a data breach of its opt-in newsletter hosted on US marketing platform MailChimp.

A scam email warning of a breach began circulating last week, according to affected users. Trezor then sent a warning via Twitter asking its users not to open emails originating from the phishing domain “noreply@trezor.us.”

Users took to social media to warn against the scam email impersonating Trezor and its security team which prompted victims to download the “latest version of Trezor Suite” and change their wallet PIN.

The provider has since managed to take down multiple phishing domains targeting users including Trezor.us, according to a follow-up tweet on Sunday.

“MailChimp has confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor said. “We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.”

The company also said it would not be communicating via its newsletter until the situation is resolved.

BTCBTCBTC