Mailchimp hack potentially leading to crypto wallet thefts

Email marketing firm Mailchimp confirms that hackers used one of its own internal tools to access accounts of customers working in finance and cryptocurrency — and a follow-up attack could lead to crypto wallet draining.

In total, some 319 Mailchimp accounts were reportedly viewed, and data from 102 of them was downloaded. Among the affected users was the Trezor cryptocurrency app, which has since tweeted advice for its customers.

Trezor goes into further detail in a blog post, which says the hacker or hackers gained access by targeting Mailchimp employees with a social engineering attack.

In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack "exceptional in its sophistication," Trezor says the fake email directed users to download what was a "very realistic" clone of the Trezor Suite wallet app.

Users who downloaded this fake update and then entered their cryptocurrency seed information into the app could lose funds.

According to Bleeping Computer, Mailchimp's Chief Information Security Officer Siobhan Smyth says the company has warned the affected users.

"On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration," Smyth told the publication. "The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised."

"We acted swiftly to address the situation," continued Smyth, "by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected."

Mailchimp is only the most recent of many firms to be hacked. At the end of March 2022, Apple Health code was reportedly stolen by the Lapsus$ group.



2 Comments

ihatescreennames 20 Years · 1988 comments

In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack "exceptional in its sophistication," Trezor says the fake email directed users to download what was a "very realistic" clone of the Trezor Suite wallet app.

This is an example of how side-loading can be detrimental to users. Tricking someone to download a clone of an app they already have would be more difficult on the iOS App Store. 

As I mentioned in a different thread, someone like my MIL would be easily fooled by this type of social engineering. She frequently has issues on her Mac that she never has on her iOS devices. 

5 Likes · 0 Dislikes
cgWerks 9 Years · 2947 comments

ihatescreennames said:
As I mentioned in a different thread, someone like my MIL would be easily fooled by this type of social engineering. She frequently has issues on her Mac that she never has on her iOS devices. 

Yeah, hopefully people - even at a beginner level in crypto - wouldn't fall prey to this, but they probably will. If something is asking for your seed-phrase, EVERY alarm bell in existence should be going off. But the core principle of never clicking any important link in emails needs to be much more widely taught.

2 Likes · 0 Dislikes