Hackers Use Mailchimp Internal Tool for Crypto Phishing Scam
Marketing automation platform Mailchimp has confirmed that it suffered from an attack that saw hackers breach an internal marketing tool to gain access to customer data. The data was then used to target users of a cryptocurrency wallet service.

According to TechCrunch, Mailchimp became aware of the intrusion on Saturday, 26 March when it identified unauthorised access to a tool used by the platform’s customer support and account administration teams. The hackers conducted a social engineering attack to exploit human flaws in the security system and compromise accounts used by the company’s staff. And despite Mailchimp’s efforts to immediately terminate the compromised accounts, the intruders were still able to gain access to around 300 Mailchimp user accounts and steal audience data from 102 of them.
“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” said Mailchimp CISO Siobhan Smyth.
Mailchimp refused to disclose what data was accessed but told TechCrunch that the hackers were after accounts in the crypto sector. This was seemingly confirmed by the attack that followed, which saw users of hardware cryptocurrency wallet Trezor receiving phishing emails.
The emails reportedly told the targeted users that their accounts were compromised and they had to download a cloned version of the Trezor app to set up a new wallet PIN. The malicious software would then send the data back to the hackers, giving them access to victims’ crypto wallets.
Trezor uses Mailchimp to send newsletters to its users. Mailchimp has yet to say how many other crypto services or financial institutions were affected by the breach. It has, however, already informed the owners of the compromised accounts about the incident. Decentraland, the browser-based metaverse platform, for instance, has already issued a warning to its users, asking them to stay alert against malicious emails.
Mailchimp also didn’t say what additional security measures it will implement to prevent future attacks.
Mailchimp has confirmed that it suffered from an attack that saw hackers breach an internal marketing tool to gain access to customer data. The data was then used to target users of a cryptocurrency wallet service.
Trezor users received phishing emails that said their accounts were compromised and they had to set up their wallet PIN again via malicious software.
Mailchimp did not say how many other crypto services or financial institutions were affected by the incident.