MailChimp, the well-known email marketing company, has been hacked. Cybercriminals infiltrated the company’s systems at some point last month, stealing information on over 100 users. The criminals then repurposed the stolen data to phish users of the popular crypto wallet
“MailChimp have [sic] confirmed that their service has been compromised by an insider targeting crypto companies,” the company revealed. “We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice.”
On Monday, the company followed up with users, publishing a blog post in which it provided substantially more information on the phishing campaign. The scheme used sophisticated tactics, including a phony Trezor lookalike app that prompted users for their seed—the string of randomly generated words that acts as the crypto wallet’s passkey. Targets of the phishing campaign would receive an email telling them that Trezor had been hit with a “security incident” and that if they were receiving the email they should download an updated version of the Trezor Suite app. The phishing note read, in part:
“Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.”
The user would then be asked to click a link to download the lookalike app and to “connect your wallet and enter your seed.” If the user fell for this message and entered their seed on the phony app, hackers would have likely stolen the contents of their wallet, Trezor has said.
It’s unclear how much data was stolen during the MailChimp hack or if other crypto companies, aside from Trezor, have been (or will be) targeted with phishing attempts.
“We are currently investigating how many customers might have been affected following an insider compromise of a newsletter database hosted on Mailchimp,” Trezor said in its blog post.
An earlier version of this story mistakenly referred to the crypto wallet mentioned in this story as Trezor Hardware. The actual name is merely Trezor, by Satoshi Labs.