BitMEX Users Caught Up in “Exceptional” Mailchimp Hack

  • BitMEX users have been caught up in the recent Mailchimp security breach
  • Trezor users received fake security notifications on Monday after hackers socially engineered Mailchimp employees
  • The number of impacted Trezor wallets has not been publicized

BitMEX users have been caught up in the Mailchimp hack that affected Trezor customers and which the wallet maker described as “exceptional” in its planning and execution. The BitMEX customer base received an email from the exchange yesterday warning that user email addresses may have been acquired by the Mailchimp hackers, after Trezor customers were warned of the same thing on Monday. An investigation has uncovered how hackers were able to breach the Mailchimp database: the target was seemingly a tool used by Mailchimp’s customer support team, which the hackers used to steal the email addresses of newsletter subscribers.

Mailchimp Breach was an “Insider Compromise”

Trezor users were first alerted to the Mailchimp breach over the weekend when they received an email warning them that the communications company had suffered the breach and that users should download new Trezor software. However, this in itself turned out to be part of the hackers’ plan, with the link sending them to a phishing site where the hackers tried to steal the wallet recovery codes.

Trezor confirmed the Mailchimp breach on Monday, stating that it was “investigating how many customers might have been affected” and calling the breach an “insider compromise” of Mailchimp’s servers. Mailchimp itself said that it had detected the breach as far back as March 26, prompting questions of why potentially affected companies and users were not informed:

On March 26, our Security team became aware of a bad actor accessing one of our internal tools used by customer-facing teams for customer support and account administration. The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.

Crypto Companies Targeted

Mailchimp says that it found that 319 Mailchimp accounts were viewed and data exported from 102 of those accounts. It also stated that the attack, which Trezor called “exceptional in its sophistication” and “clearly planned to a high level of detail”, was a targeted incident focused on users in industries related to cryptocurrency and finance.

BitMEX and Trezor users have been advised to be wary of an increase in suspicious emails as a result of the breach and should confirm actions requested in emails before carrying them out.