Stolen client data from Mailchimp put customers of the cryptocurrency hardware wallets on notice of potential social engineering attacks claiming to be Trezor.

This week, email marketing company Mailchimp announced this week a data breach on March 26 after it discovered a threat actor using compromised credentials to gain access to the company’s internal customer support tools. In total, audience data was stolen from 102 customers in the finance and cryptocurrency sectors – likely to be used to phish the customers of those 102 companies.

Over the weekend, crypto hardware wallet maker Trezor emailed its customers informing them of the compromise and provided instructions to customers to update their Trezor Suite:

“Trezor has experienced a security incident involving data belonging to 106.856 of our customers, […] If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Trezor Suite and follow the instructions to set up a new PIN for your wallet.”

Trezor also posted tweets about their data being compromised on April 3rd, warning customers that they would not be communicating via email to the time-being until the situation is resolved.


The initial Mailchimp compromise began as a phishing attack. According to their statement about the attack, “The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

This attack is an unfortunate example of the potential ripple effect a single phish can have. While Trezor customers appear to have remained unscathed, you can see how a one user falling for a phishing attack could have impacted thousands of individuals and businesses. It’s why we’re so passionate about Security Awareness Training here at KnowBe4 – by training users to be vigilant at all times when interacting with emails, the risk of falling for social engineering tactics employed within a phishing attack is much lower, resulting in an equally lowered success rate for the initial attack itself.