Hackers Use Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

According to a report by Bleeping Computer, Mailchimp, an email marketing provider, was hacked on March 26th. The company became aware of the intrusion when one of its customer support tools was compromised. Mailchimp was bought by Intuit, a financial software company, in September 2020.

Mailchimp says it was hacked. According to Siobhan Smyth, its chief information officer, “an external actor” used a social engineering attack to obtain employee credentials. The result? Those credentials were used to access 319 Mailchimp accounts and export the mailing lists belonging to 102 of them.

Mailchimp’s chief information security officer, Siobhan Smyth, was quoted as stating, “The event was distributed by an external actor who successfully performed a social engineering assault on Mailchimp staff, resulting in employee credentials being stolen.”

Despite Mailchimp’s claims that it acted immediately to revoke access for the compromised employee account, the stolen credentials were used to log into 319 Mailchimp accounts and export the email lists of 102 of them.

The actor has not been identified; however, they also gained access to API keys for an undisclosed number of customers.

As a result, the attackers were unable to launch “email-based phishing attacks” against these customers.

Following the hack, the firm is advising customers to enable two-factor authentication to better protect themselves from account takeover attacks.

Trezor, a cryptocurrency wallet provider, is looking into a “possible security problem originating from an opt-in email housed on Mailchimp.”

The attacker may have used the stolen data to send “rogue emails” to subscribers of a Mailchimp-hosted newsletter, claiming that there had been a security breach.

“This attack was evidently planned meticulously and is astounding in its sophistication,” Trezor stated. The phishing email included a link to a phishing site offering a download of what was supposed to be the Trezor Suite.

The attacker then stole funds from unwary recipients who connected their encrypted wallets and entered their seed phrase into the malicious application.

The phishing application was a “passable clone” of the Trezor Suite web-based client, according to researchers. “Mailchimp has verified that an insider targeting crypto firms has penetrated their service,” Trezor tweeted afterward.

“We have taken the phishing domain [trezor.us] down,” the company said in a statement, advising customers not to open any emails from it until further notice.

Mailchimp has not said whether the hack was carried out by an “insider.” At this time, it is still unknown how many other cryptocurrency platforms and financial institutions have been affected by the breach.

Decentraland, a browser-based 3D virtual world platform, is the second confirmed victim of the Mailchimp data breach, having revealed on Monday that user email addresses were exposed in the attack.

Frontiers Digital is the third confirmed victim of the Mailchimp data breach.