While the names of the compromised businesses haven't been disclosed, all of these firms are said to be in the finance and digital assets sector, prompting fears of a slew of copycat attacks.
A sophisticated phishing attack that targeted Trezor customers may be far more widespread than previously thought — and other crypto businesses could be hit.
MailChimp, a company that offers email marketing to clients, has confirmed that some of its employees have fallen victim to a social engineering attack.
In a statement to Bleeping Computer, an executive said 319 Mailchimp accounts were accessed without authorization… and mailing lists were stolen from 102 of them.
While the names of the compromised businesses haven't been disclosed, all of these firms are said to be in the finance and digital assets sector — prompting fears that a slew of copycat attacks could be on the horizon.
One user who received the scam email that masqueraded as Trezor described it as "the best phishing attempt I've seen in years," and expressed fears they would have fallen victim to the fraudsters if they had been one of its customers.
Monday saw Trezor offer a further update on what happened, with the hardware wallet manufacturer warning it is still trying to ascertain how many people were affected.
The company explained that those who clicked on the phishing email were told that their cryptoassets were at risk of being stolen, and were asked to download an app that imitated Trezor Suite. From here, they were told to connect their wallet and insert their seed phrase, which would allow the attackers to drain the account and transfer funds to their own accounts. The statement warned:
"This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app."
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
What to Do if You Got the Email
Trezor says that those who opened the email are not in danger unless they typed their seed phrase into the malicious app — and the company stressed that all users should "never enter their seed anywhere unless their Trezor device tells them to."
Those who have are being urged to immediately move their assets to a newly generated seed — and Trezor has also warned that a new wave of emails could emerge in the coming days, meaning customers need to remain vigilant.
While the MailChimp exploit doesn't put funds at risk, the company conceded:
"The leak of email addresses is most harmful in the fact that the emails are now likely to receive increased phishing attempts. As long as you use your device correctly it should not affect you. Please follow best practices for data protection and use disposable email addresses for subscriptions or orders."
MailChimp's chief information security officer Siobhan Smyth added:
"We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We're confident in the security measures and robust processes we have in place to protect our users' data and prevent future incidents."
