Email marketing firm Mailchimp confirms that hackers used one of its own internal tools to access accounts of customers working in finance and cryptocurrency — and a follow-up attack could lead to crypto wallet draining.
In total, some 319 Mailchimp accounts were reportedly viewed, and data from 102 of them was downloaded. Among the affected users was the Trezor cryptocurrency app, which has since tweeted advice for its customers.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
— Trezor (@Trezor) April 3, 2022
Trezor goes into further detail in a blog post, which says the hacker or hackers gained access by targeting Mailchimp employees with a social engineering attack.
In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack "exceptional in its sophistication," Trezor says the fake email directed users to download what was a "very realistic" clone of the Trezor Suite wallet app.
Users who downloaded this fake update and then entered their cryptocurrency seed information into the app could lose funds.
According to Bleeping Computer, Mailchimp's Chief Information Security Officer Siobhan Smyth says the company has warned the affected users.
"On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration," Smyth told the publication. "The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised."
"We acted swiftly to address the situation," continued Smyth, "by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected."
Mailchimp is only the most recent of many firms to be hacked. At the end of March 2022, Apple Health code was reportedly stolen by the Lapsus$ group.