Hackers utilized an internal tool to collect data from 102 of MailChimp's clients, and the stolen information was subsequently used to phish users of the popular cryptocurrency wallet Trezor.
Trezor users received emails over the weekend saying that their accounts had been compromised in a data breach. The email contained a link that claimed to lead to an updated version of Trezor Suite, along with instructions on how to set up a new PIN, but the link actually pointed to a phishing site designed to steal the contents of their digital wallets.
Hackers Breached MailChimp
Cybercriminals accessed MailChimp's systems at some point last month, taking information from 102 users, the company said on Monday, April 4.
The incident, which was discovered by MailChimp personnel on March 26, entailed an unknown threat actor gaining access to internal tools used by the company's customer support staff for account administration.
According to MailChimp's Chief Information Security Officer Siobhan Smyth, the breach was carried out by an external actor who successfully executed a social engineering attack on MailChimp employees, resulting in employee credentials being compromised. The hacker or hackers then used that access to the company's systems to obtain subscriber data.
Although MailChimp deleted the compromised employee accounts after discovering the incident, the hackers were still able to monitor about 300 MailChimp user accounts and steal audience data from 102 of them. Following the breach, MailChimp received reports of the malicious actor sending phishing campaigns to those users' contacts using information collected from their accounts. The attack appears to have been aimed at collecting information on people working in the crypto and finance industries, Smyth said.
Smyth apologized to the company's users in a statement provided to The Verge, adding, "We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We're confident in the security measures and robust processes we have in place to protect our users' data and prevent future incidents."
Trezor Hardware Targeted via MailChimp
As Bleeping Computer explained, Trezor is a hardware cryptocurrency wallet that lets users store crypto assets offline rather than in cloud-based wallets or wallets kept on their PC. This eliminates the exposure that comes with online storage.
A 12- to 24-word recovery seed is displayed when setting up a new Trezor, allowing owners to recover their wallets if the device is stolen or lost. Anyone who knows the recovery seed, however, can gain access to the wallet and the cryptocurrency it holds, which makes it critical to keep the recovery seed safe.
On April 3, Trezor stated on Twitter that the emails urging owners of Trezor hardware wallets to download a bogus Trezor Suite application that would steal their recovery seeds were phishing scams distributed through one of its MailChimp-hosted opt-in newsletters.
In a statement to Gizmodo, Trezor said that MailChimp has revealed that an insider targeting crypto firms has hacked its service.
"We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice," said Trezor.