An exploit of MailChimp's newsletter database has resulted in Trezor users being targeted by a malicious phishing scam. The compromise was allegedly perpetrated by a MailChimp "insider," Trezor reported.
Trezor is a hardware crypto wallet provider, meaning anyone can use Trezor to put their crypto into "cold storage." Putting crypto in cold storage takes it offline; usually, this is to secure it from cyber theft.
The wallet provider gives users a recovery seed of between 12 and 24 words that allows them to recover the wallet's contents if their physical device is lost or stolen. However, should an attacker discover this seed, they can gain access to the wallet (and the crypto holdings) without needing the device.
On Sunday, Trezor tweeted that it was "investigating a potential data breach of an opt-in newsletter hosted on MailChimp" and told users to "not open any email originating from noreply@trezor.us, it is a phishing domain."
AD
AD
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain.
Shortly after, Trezor confirmed that MailChimp had "been compromised by an insider targeting crypto companies."
In a short thread, the company explained that it had "taken the phishing domain offline" and "will not be communicating by newsletter until the situation is resolved."
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/
Yesterday, Trezor shared a follow-up blog post about the phishing attacks. It describes them as "ongoing" and includes screenshots of the malicious phishing email. The post also contains guidance for affected users.
It is currently unclear whether any funds have been successfully stolen in the scam.
Phishing attacks are relatively easy for cybercriminals to pull off because if the phishing site or correspondence looks convincing, users can involuntarily end up sending their details to malicious actors. In the Trezor case, the actor was a Mailchimp "insider."
Last month, several users of the popular NFT marketplace OpenSea reported having NFTs and Ethereum stolen from their wallets in an attack that looted $1.7 million in crypto.
OpenSea CEO David Finzer said the team doesn't "believe it's connected to the OpenSea website" and that some 32 users had "signed a malicious payload from an attacker" that looked like official correspondence but was a phishing scam.
