Mailchimp breach connected with Trezor breach
Cryptocurrency and fintech customers are being urged to stay vigilant after email marketing company Mailchimp was breached in an incident that saw the accounts of over 300 Mailchimp corporate customers compromised.
A sophisticated phishing attack that targeted Trezor customers may be far more widespread than previously thought and other crypto businesses could be hit.
One user who received the scam email that masqueraded as Trezor described it as “the best phishing attempt I’ve seen in years,” and expressed fears they would have fallen victim to the fraudsters if they had been one of its customers.
The company explained that those who clicked on the phishing email were told that their crypto assets were at risk of being stolen and were asked to download an app that imitated Trezor Suite. From here, they were told to connect their wallet and insert their seed phrase, which would allow the attackers to drain the account and transfer funds to their own accounts. The statement warned:
This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and included a web version of the app.
Trezor says that those who opened the email are not in danger unless they typed their seed phrase into the malicious app and the company stressed that all users should never enter their seed anywhere unless their Trezor device tells them to.
Those who have are being urged to immediately move their assets to a newly generated seed and Trezor has also warned that a new wave of emails could emerge in the coming days, meaning customers need to remain vigilant.
The leak of email addresses is most harmful in the fact that the emails are now likely to receive increased phishing attempts. If you use your device correctly it should not affect you. Please follow best practices for data protection and use disposable email addresses for subscriptions or orders.
MailChimp’s chief information security officer Siobhan Smyth added:
“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”