2 k

Mailchimp Faces Class-Action Lawsuit over Trezor Phishing Attack

An aggrieved Trezor user has filed a class-action lawsuit against Intuit which is the parent company of Mailchimp. Trezor users previously reported phishing attacks as part of a breach of a Mailchimp newsletter database.

Levinson v. Intuit

Earlier this month, Trezor, a producer of hardware wallets, launched an investigation into phishing attacks targeting its users. This was due to a data breach involving Mailchimp’s services.

Alan Levinson, a Trezor user, reportedly lost $87,000 worth of cryptocurrency from his Trezor wallet as a result of the recent hack. As a result, Levinson filed a class-action lawsuit against Intuit, alleging that the company failed to protect Mailchimp’s infrastructure. According to the lawsuit, the hackers were able to steal cryptocurrency from several users’ accounts, incurring millions in losses.

Levinson Alleges Insider Involvement

The lawsuit claims that a Mailchimp representative could be responsible for the cyberattack. According to the filed case, the representative clicked on a malicious link that exposed its data. This is to say the hacker’s strategy leveraged the knowledge of Trezor clients’ email addresses. 

Levinson’s case suggests that the attackers obtained the email addresses of the hardware wallet users via a breach of the company’s service providers, Mailchimp and Intuit. Equally, the lawsuit states that the phishing email instructed users to visit a phony URL to protect their accounts. 

Defendants fell victim to one of the oldest cybertricks in the book,” says Levinson. 

Not only is Levinson holding Intuit responsible, Levinson’s suit formally holds Intuit’s subsidiary Rocket Science Group just as accountable. Mailchimp belongs to Rocket Science Group, which also trades under the brand.

Trezor Acknowledges Previous Breaches

Prior to the incident, Trezor reported that the email marketing provider Mailchimp had been continuously infiltrated over several months. The first incident took place in February, but there was no compromised data.

Likewise, Trezor suggested previous attacks targeted other crypto companies with similar methods. However, the last attack appears to have targeted only Trezor. Furthermore, the wallet company stated that they would begin the transition to a new mailing platform, as Mailchimp will be abandoned.

Of late, the crypto industry has seen a huge spike in scams. In 2021 alone, scammers stole a staggering $14 billion in cryptocurrency, owing partly to the rapid adoption rate of DeFi. SlowMist, a blockchain security startup, announced this week that some Terra users lost around $4.3 million in cryptocurrency as a result of a phishing scam.

Bitcoin live price
price change

Accordingly, a phishing scam only recently ripped a Metamask user of more than $650,000.

Stay up to date with our latest articles