Major cryptocurrency hardware wallet producer Trezor warned that all users registered to its newsletter should expect to be targeted by phishing attacks, but Trezor customers are not the only ones affected.
Trezor warned in a Sunday tweet that it was investigating “a potential data breach of an opt-in newsletter hosted on Mailchimp” and that users should avoid opening emails from “email@example.com.”
The company explained that its marketing and automation email management software Mailchimp was compromised by an insider who was targeting cryptocurrency companies. Trezor took down the phishing domain and recommended that users ensure they “are using anonymous email addresses for bitcoin-related activity.”
According to a Monday TechCrunch report, Mailchimp confirmed a data breach after hackers compromised an internal tool to access customer accounts, which goes to show that not only Trezor and its users are affected by the breach. The company’s chief information security officer Siobhan Smyth said that the company became aware of the breach on March 26, after identifying a malicious actor that was able to use a tool meant for internal company use to access customer accounts.
Attackers gained access to the systems through social engineering, meaning that instead of compromising software, they were able to mislead people involved in the company in ways that allowed them to access Mailchimp’s internal tool. The firm claims that it “acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected.”
Despite this, hackers were able to view about 300 Mailchimp accounts and exported the audience data from 102 of those, targeting customers in the cryptocurrency and finance sectors. Furthermore, the attackers gained access to application programming interface (API) keys for an unspecified number of customers, which potentially allow them to send emails that appear as if the customer sent them.
What Users Should Expect
Fortunately, those API keys have now been disabled, but cryptocurrency users should anticipate receiving phishing emails carrying malware or attempting to extract credentials such as emails, passwords, or even private keys or recovery words for wallets containing cryptocurrencies such as Bitcoin. Through Mailchimp’s APIs, these emails could potentially have been sent from addresses owned by companies that the users trust.
Since the API keys were deactivated, the hackers have no easy way to continue using the official email addresses of the compromised crypto and financial firms. Still, attackers have the email addresses of hundreds of users involved with those companies, so phishing emails coming from different email addresses, presumably often impersonating trusted companies that users are familiar with, should be expected.
By Adrian Zmudzinski
© 2021 The Epoch Times. The Epoch Times does not provide investment advice. All rights reserved.