Social engineering was employed by a malicious actor to get access to an internal tool utilized by newsletter distribution service Mailchimp.
Trezor, a cryptocurrency hardware wallet maker, has revealed that its clients are being targeted by phishing assaults after Mailchimp, the company's email automation service operator, was hacked by an insider targeting crypto businesses.
"We're looking into how many customers may have been affected as a result of an insider breach of a Mailchimp newsletter database," Trezor noted in a blog post Monday.
Trezor also highlighted that the attacker is especially targeting crypto-related firms. As a result, on Sunday, its wallet users started receiving phishing emails directing them to a download page for a Trezor Suite similar app.
If an uninformed user falls into this trap, the malicious software will ask for their seed phrase, which is essentially a secret key that grants the culprits complete access to their cryptocurrency assets.
When the seed is entered, it is hacked, and the funds of the users are transmitted directly to the attackers' wallets.
"The sophistication of this attack is outstanding, and it was definitely planned to a high level of precision. The phishing software is a cloned version of Trezor Suite with very realistic capabilities," Trezor explained.
Fortunately, because potential victims must install the virus on their devices, modern operating systems will be able to warn them about the spyware's unknown source.
MailChimp's chief information officer Siobhan Smith said that the company initially learned of the compromise on March 26.
The hackers gained access to audience data from 102 distinct MailChimp clients, implying that Trezor is hardly the only company affected.
The in-browser metaverse platform Decentraland announced on Twitter that its newsletter was one of those hacked.
The phishing domain has already been taken down, according to Trezor. However, if some users have already supplied their seed phrases, they should transfer their crypto to a newly created address right away.
According to Mailchimp's study, the attackers were most interested in acquiring data from consumers in the cryptocurrency and financial industries.
However, for Trezor users and customers of every other company whose data was breached, it's safe to assume that competent malicious actors now have access to the users' email addresses, as well as the crypto hardware and software they're running.
Trezor warns there's still a risk our email accounts have been hacked. Trezor encouraged users to report any new phishing efforts to security@trezor.io.
