What’s going on with the Mailchimp hack?

5 Apr 2022

Image: © monticellllo/Stock.adobe.com

Crypto wallet company Trezor is one of more than 100 Mailchimp clients impacted.

Mailchimp has been targeted in a hack to steal sensitive customer data.

The company confirmed to press outlets yesterday (4 April) that an unidentified group of hackers had gained access to an internal customer support and account management tool after a successful social engineering attack on Mailchimp employees that saw credentials being compromised.

These credentials were then used to access more than 300 Mailchimp accounts and retrieve data from at least 102 of them, Mailchimp CISO Siobhan Smyth told The Verge.

Crypto and finance companies have emerged as the primary targets of the hack, with Mailchimp client Trezor saying that stolen mailing list data had been used to conduct phishing attacks on its customers.


Crypto wallet company Trezor said on Twitter on Sunday (3 April) that it was “investigating a potential data breach of an opt-in newsletter hosted on Mailchimp” and warned users to not open any emails appearing to come from Trezor until further notice.

Trezor later explained that customers had been sent a phishing email that said the company experienced “a security incident”. It directed them to download a new version of the Trezor Suite application and set up a new PIN for their wallets.

However, it brought customers to a fake lookalike app, designed to allow hackers to steal a user’s seed phrase and access their crypto funds.

Trezor noted that it would not be communicating by newsletter until the situation is resolved and that users should ensure they are using anonymous email addresses for bitcoin-related activity.

“This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,” the crypto wallet company wrote in a blogpost.

It is not known yet if any crypto assets have been stolen as a result of the hack, but Trezor confirmed that the company’s hardware device has not been affected and that users can continue using the device after wiping it and creating a new seed.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic