As SecurityLab previously reported, last weekend many users of Trezor hardware wallets began receiving fake data leak notifications by email. The notifications said that users should reset their wallet PIN codes and that, to do so, they needed to install a new version of the Trezor Suite software. Once installed, the fake software stole the wallet's recovery seed phrase and passed it to the attackers.
Later, representatives of Trezor reported that the phishing messages were sent from the MailChimp platform, which had been compromised by an insider targeting cryptocurrency companies.
MailChimp Information Security Director Siobhan Smyth confirmed to TechCrunch that the platform discovered the hack on March 26, 2022. The attackers gained access to a tool used by technical support staff and the account administration team. MailChimp itself fell victim to a social engineering attack aimed at its staff, through which the scammers obtained the credentials of one of the employees.
According to Smyth, the company disabled the compromised employee account's access to the corporate network and took additional measures to prevent the attack from spreading to other employees.
“When we become aware of any unauthorized access to an account, we immediately notify its owner and immediately take measures to prevent further access. We also recommend that our users enable two-factor authentication and other account and password security settings,” Smyth said.
According to BleepingComputer, the attackers compromised 319 MailChimp accounts and exported “audience data” from 102 client accounts. In addition, they gained access to the API keys of an unknown number of users, and the company had to disable them.
Using API keys, attackers could carry out phishing attacks even without access to the MailChimp client portal.
The company has already notified affected users in the cryptocurrency and financial sectors.