Hackers Use MailChimp to Breach Cryptocurrency Platforms

Highlights:

The extracted credentials were utilized to access 319 MailChimp accounts and further export the mailing list of 102 accounts.

Trezor, a cryptocurrency wallet, warned its users not to open any email sent by them until further notice to avoid more damage.

MailChimp, an email marketing service provider, disclosed a data breach that compromised an integrated tool to get illegitimate access to clients’ accounts and stage phishing attacks.

Intuit, a financial software firm that acquired MailChimp in September 2021, told an online publication that it came to know about the incident on March 26, when it understood that a malicious third party was accessing the customer support tool.

Siobhan Smyth, MailChimp’s chief information officer, said, “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

While MailChimp mentioned that it was quick to take preventive measures to the situation by terminating access to the breached employee’s account, the extracted credentials were utilized to access 319 MailChimp accounts and further export the mailing list of 102 accounts.

The unknown actor is also believed to have gained access to API keys for an unspecified number of clients. According to the firm, it has been disabled, thus preventing cybercriminals from abusing the API keys to stage email-based phishing campaigns.

In the event of a break-in, the organization has also suggested that clients must implement two-factor authentication to protect their accounts from takeover attacks.

The admission has come close to an announcement by Trezor, a cryptocurrency wallet company, that it is investigating a potential security threat stemming from an opt-in newsletter hosted on MailChimp. The actor had repurposed the stolen information to shoot rogue emails claiming that the organization had faced a security incident.

The fraud email that had a link to upgrade the current Trezor Suite to the latest version hosted on a Phishing site provoked unsuspecting recipients to connect their wallets and enter the seed phrase on an application similar to trojanized, enabling the adversary to transfer the funds to a wallet under their control.

Trezor explained, “This attack is exceptional in its sophistication and was clearly planned to a high level of detail. The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”

Additionally, Trojan also tweeted, “Mailchimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain [trezor.us] offline,” which warned its users to avoid opening any emails from the company until further notice.

The American enterprise has not yet cleared whether an insider carried out the attack. There is no clarity about how many other cryptocurrency platforms and financial organizations became a victim of the incident.

Decentraland, a 3D virtual world browser-based platform, confirmed the second breach casualty. It revealed that its “newsletter subscribers” email addresses were leaked in a Mailchimp data breach.”