SECURITY NOTICE: PHISHING CAMPAIGN TARGETING OUR USERS– WHAT YOU NEED TO KNOW
%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%20295.5%20295.5'%20style='enable-background:new%200%200%20295.5%20295.5;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%23231F20;}%20%3c/style%3e%3ctitle%3eclock%20icon%3c/title%3e%3cpath%20class='st0'%20d='M268.8,147.7c0,66.9-54.2,121.1-121.1,121.1c-66.9,0-121.1-54.2-121.1-121.1S80.9,26.6,147.8,26.6V0%20C66.1,0,0,66.1,0,147.8s66.1,147.8,147.8,147.8s147.8-66.1,147.8-147.8c0,0,0,0,0,0H268.8z'/%3e%3cpolygon%20class='st0'%20points='134.4,80.6%20134.4,134.4%20134.4,147.8%20134.4,161.1%20187.8,161.1%20187.8,134.4%20161.1,134.4%20161.1,80.6%20'/%3e%3c/svg%3e)
5 min readWe want to inform our community about a recent phishing campaign that affected a segment of our users. At STOKR, transparency and user safety are core to our values, and we believe it's important to keep you informed about incidents that may impact your data.
What Happened
On June 9, 2025, 21:09 (CEST) we began receiving reports from users about suspicious emails impersonating our brand. These messages attempted to deceive users into clicking malicious links or sharing personal information.
Our internal investigation revealed that these phishing emails were primarily sent to older user accounts.
Our Findings
While our internal systems remain secure and uncompromised, we believe that the email addresses targeted in the phishing campaign may have been leaked via a third-party service we used in the past.
Specifically, we suspect the source of the exposure may be related to MailerLite, a platform we previously used to collect and manage subscriber emails. In January 2024, MailerLite experienced a data breach that affected many of its clients, especially those in the crypto space, which aligns with our business profile. You can read their official statement here.
What You Should Do
If you’ve received any suspicious emails that appear to come from us, do not click on any links or share any personal information. Instead, forward the message to our data protection team at [email protected] and delete it immediately.
We recommend all users, especially those with older accounts, to:
- Enable two-factor authentication (2FA) on their accounts.
- Change passwords if reused elsewhere.
- Stay cautious of unsolicited emails asking for sensitive data.
What We’re Doing
- We’ve launched a full review of all third-party vendors and services historically used for email collection.
- Our team is actively monitoring for further phishing attempts and related threats.
- We’re notifying affected users directly and providing guidance on how to stay protected.
- We’re filing the appropriate data breach notification with the relevant Data Protection Authority.
Our Commitment to You
We take the protection of your personal information very seriously. While the source of this incident appears to be external, it reinforces our ongoing commitment to auditing, minimizing, and securing data exposure — past and present.
We’ll continue to provide updates if new information becomes available.
Thank you for your trust!
By Lukas Cremer
Technology lead
If you have any questions or concerns, feel free to contact us at [email protected].
Discover related insights
H100 Group Partners With STOKR To Explore A Tokenized Convertible Loan
By partnering with STOKR, H100 advances its Bitcoin Treasury Strategy through a tokenized model designed to engage the Bitcoin-native investor community.
STOKR PRODUCT UPDATE - JUNE 2025
