Representation of cryptocurrency Bitcoin is seen in this illustration taken November 29, 2021.
Representation of cryptocurrency Bitcoin is seen in this illustration taken November 29, 2021.

Email marketing platform Mailchimp has confirmed that hackers used an internal tool to steal data from more than 100 of its clients to target the users of Trezor crypto wallets.

According to a blog post shared by Trezor on Monday, the Mailchimp security team has disclosed that a malicious actor accessed an internal tool used by its team for customer support and account administration.

The phishing email contains a link to download a Trezor Suite lookalike app that asks the receivers to connect their wallet and enter their seed. The seed is compromised once the user enters it into the app, and their funds will then be immediately transferred to the attackers' wallets.

The blog post revealed the phishing message containing the link to the malicious app that states: “Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.”

It is believed that over 100 users have fallen prey to the scam. The amount of cryptocurrency stolen from those tricked is not known yet.

“We immediately took steps to disable phishing sites and are taking further steps to stop the continuation of this phishing attack," Tomáš Sušánka, CTO of Trezor, said.

Illustration shows representation of cryptocurrency Bitcoin

Photo: Reuters / DADO RUVIC