Hackers Hijacked Crypto Wallets With Stolen MailChimp Data

On Monday, the company followed up with users, publishing a blog in which they provided substantially more information on the phishing campaign. The scheme used sophisticated tactics, including a phony Trezor lookalike app that prompted users for their seed—the string of randomly generated words that act as the crypto wallet’s passkey. Targets of the phishing campaign would receive an email telling them that Trezor had been hit with a “security incident” and that if they were receiving the email they should download an updated version of the Trezor Suite app. The phishing note read, in part:

“Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.”

The user would then be asked to click a link to download the lookalike app and to “connect your wallet and enter your seed.” If the user fell for this message and entered their seed on the phony app, hackers would have likely stolen the contents of their wallet, Trezor has said.

It’s unclear how much data was stolen during the MailChimp hack or if other crypto companies have (or will) been targeted with phishing attempts, aside from Trezor.

“We are currently investigating how many customers might have been affected following an insider compromise of a newsletter database hosted on Mailchimp,” Trezor said, in their blog.

An earlier version of this story mistakenly referred to the crypto wallet mentioned in this story as Trezor Hardware. The actual name is merely Trezor, by Satoshi Labs.

READ MORE HERE