Mailchimp Phishing Attack Results in Potential Hit on 100K Trezor Crypto Wallets

Mailchimp Phishing Attack Results in Potential Hit on 100K Trezor Crypto Wallets Stolen client data from Mailchimp put customers of the cryptocurrency hardware wallets on notice of potential social engineering attacks claiming to be Trezor.

This week, email marketing company Mailchimp announced this week a data breach on March 26 after it discovered a threat actor using compromised credentials to gain access to the company’s internal customer support tools. In total, audience data was stolen from 102 customers in the finance and cryptocurrency sectors – likely to be used to phish the customers of those 102 companies.

Over the weekend, crypto hardware wallet maker Trezor emailed its customers informing them of the compromise and provided instructions to customers to update their Trezor Suite:

“Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.”

Trezor also posted tweets about their data being compromised on April 3^rd, warning customers that they would not be communicating via email to the time-being until the situation is resolved.

We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. 2/
— Trezor (@Trezor) April 3, 2022

The initial Mailchimp compromise began as a phishing attack. According to their statement about the attack, “The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

This attack is an unfortunate example of the potential ripple effect a single phish can have. While Trezor customers appear to have remained unscathed, you can see how a one user falling for a phishing attack could have impacted thousands of individuals and businesses. It’s why we’re so passionate about Security Awareness Training here at KnowBe4 – by training users to be vigilant at all times when interacting with emails, the risk of falling for social engineering tactics employed within a phishing attack is much lower, resulting in an equally lowered success rate for the initial attack itself.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works: