Phishing Attack Targeting Mailchimp Users in Crypto

Mailchimp, an email marketing giant, fell victim to a phishing attack where threat actors stole data from over 100 of the company’s clients. They broke into the services of the email marketing company and leveraged the data to mount phishing attacks on the cryptocurrency platform users.

The primary target of the attack was the users of the Trezor hardware wallet.

Reportedly, an employee’s account at the company was compromised, which led to the breach. However, this breach was a small part of a big act. The compromised internal tool of Mailchimp allowed the hackers to access the email list, which they used to send a fake notification about the breach. The attack was highly sophisticated as the breach was only the first step.

What Happened in the Attack?

In the earlier notification, a user of Mailchimp, Trezor hardware cryptocurrency wallet tweeted about being attacked by sophisticated phishing emails. Later, Mailchimp confirmed the attack through the press about their email database being compromised. 

“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers“

Siobhan Smyth – CISO (Mailchimp)

The breach was discovered in the last week of March when the company discovered unauthorized access to the tool in a system used by account administration and the customer support team. Even after the deactivation of the compromised account of the employee, the hackers were able to access over 300 Mailchimp users’ accounts and obtain data from around 102 customers.

The threat actors used the email list to send fake notifications of the breach to the customers of Trezor. In the same notification, they prompt users to download the new and updated version of the Trezor Suite desktop application. The email directed the users to a phishing website that hosted the fake application. This fake application was meant to give hackers access to crypto wallets. However, there is no report of funds being stolen during the attack.

Actions Taken by Mailchimp

Mailchimp’s CISO has been notified of the breach since March 26. After identifying the compromised employee’s account, the company deactivated it to contain the attack. He also apologized for the same and assured the company’s users that they would incorporate better infrastructure, security culture, and trust from the users. The company will continue to focus on the protection of consumers’ data.

In the blog post by Trezor, it was mentioned that the attack was highly sophisticated and the attackers have planned to the utmost detail. The cloned application of the Trezor suite was realistically functional. However, the developers of the Trezor wallet, SatoshiLabs, have not responded to this incident.

As of now, it has been concluded that threat actors have the data of the users. And the users of Trezors are already exposed to their data (primarily email contact details) and the type of crypto software and hardware. 

Cybersecurity Awareness is the Key to Prevention of Attacks

The breach on the Mailchimp system was led through the compromised account of an employee because of human error. Thus, employee awareness is extremely important to prevent such attacks. Every organization must inculcate cybersecurity awareness training for employees as a part of their security framework and regulatory policies.