If you use Trezor’s cryptocurrency wallet, watch out: Hackers are exploiting a data breach at email marketing provider Mailchimp to send phishing emails to Trezor users.
Trezor today sounded the alarm about the phishing messages, which tell recipients that Trezor experienced a “security incident” and ask them to download a new Trezor Suite app. But in reality, the app is a malicious program designed to loot the cryptocurrency funds of users, Trezor parent company SatoshiLabs warned in a blog post.
“This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,” the company added.
According to SatoshiLabs, the hackers behind the phishing attacks obtained user emails by compromising a “newsletter database” at Mailchimp.
Mailchimp today confirmed that a breach occurred on March 26. Using social engineering tactics, the attackers tricked Mailchimp customer support employees into handing over their login credentials.
“Based on our investigation, we believe that about 300 Mailchimp accounts were viewed and audience data was exported from 102 of those accounts,” Mailchimp CIO Siobhan Smyth told PCMag in a statement. “Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance, all of whom have been notified.”
Smyth didn’t say how many email addresses in total were exposed. But it might be considerable, given that Mailchimp’s whole business involves helping brands send out effective marketing emails to internet users.
Mailchimp added that the hack may have exposed a vulnerability in API keys for some customer accounts. “Out of an abundance of caution, we disabled those API keys, implemented protections so they can’t be re-enabled, and notified affected users,” Smyth added. “We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers.”
The incident is a reminder to be on guard against phishing scams. SatoshiLabs added that it’s already taken down many of the malicious domains hosting the recent wave of phishing emails, but warned that more spoofed emails could be inbound.
“We are currently looking into a solution that will improve the security of our newsletters going forward, and we have suspended any email communication until we have more information about the attack,” the company added.