Categories
Mobile Syrup

Hackers breached Mailchimp, targeted crypto holders with phishing scams

Email marketing firm Mailchimp confirmed over the weekend that hackers breached an internal tool and used it to access 300 user accounts and steal audience data from 102 of those accounts.

The breach was outed first by Trezor (via Bleeping Computer), a company that makes hardware wallets for cryptocurrency. Trezor used Mailchimp to send newsletters to customers.

Following the breach, several customers received phishing emails that appeared to be from Trezor and warned of a “security incident.” The emails prompted users to download a malicious version of Trezor’s app to reset their hardware wallet PIN. If installed, the malicious app could have allowed hackers to steal users’ cryptocurrency.

Mailchimp’s chief information security officer (CISO), Siobhan Smyth, told TechCrunch that the company became aware of the breach on March 26th. Smyth explained that a malicious actor accessed a tool used by the company’s customer support staff and account administration teams through a successful social engineering attack. Social engineering refers to manipulating people and exploiting human error to gain private information, such as login credentials.

“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Smyth said in the statement.

Although Mailchimp declined to share with TechCrunch what data hackers accessed in the breach, it did say that the attack targeted customers in the cryptocurrency and finance sectors. Moreover, Mailchimp said that the attackers gained access to API keys for an undisclosed number of customers. Those keys potentially allow attackers to send spoofed emails that appear to be from legitimate Mailchimp customers.

Mailchimp says it has disabled those API keys and they can no longer be used. However, Smyth told TechCrunch that the company received reports that hackers used the information they obtained from user accounts to send phishing campaigns to accounts’ contacts.

Smyth declined to answer TechCrunch’s questions about whether Mailchimp would implement additional security measures. Further, Mailchimp wouldn’t disclose how many other cryptocurrency or finance customers were impacted by the breach.

As it stands, anyone subscribed to newsletters should be on alert for possible phishing scams, especially if subscribed to crypto or finance newsletters. It’s best to avoid clicking any links in emails you receive.

Moreover, MobileSyrup uses Mailchimp for its weekly newsletter but has not seen any indication that it was impacted by the breach.

Source: Bleeping Computer, TechCrunch


One-ton tungsten cube sold to crypto investors for $250,000

The biggest tungsten cube ever to be manufactured has been sold to a crypto investor group by the name of TungstenDAO for the whopping price of roughly $250,000 (about $311,000 CAD).

Manufactured by Willowbrook, Illinois’ Midwest Tungsten Service, the tungsten cube was made as part meme and part experiment. The dense 14.545-inch cube was created and subsequently sold via an NFT. The sale of the cube can be found on OpenSea.

Tungsten has become a common meme within the world of cryptocurrency. For one reason or another, the crypto enthusiast community at large has latched on to tungsten as the next big meme. Like Gamestop stock, tungsten is becoming a hot commodity and Midwest Tungsten Service is using this to their advantage.

Via a company blog post, the tungsten manufacturer announced the project in which they promised to make the one-ton cube.

“We will make the 14.545” cube, it will weigh approximately 2,000 pounds. This NFT represents a real-world physical cube that will be stored at Midwest Tungsten Service headquarters and owned by the NFT owner. One visit to see/photograph/touch the cube per calendar year will be allowed and scheduled with a Midwest Tungsten Service representative. Unlockable content is required for scheduling and proof of ownership required for entry. The cube will be stored in a room of its own that will be locked and only accessible by the NFT owner.

Subsequent owners of the NFT cannot visit the cube in a year in which the cube has already been visited. The cube will not be available to view until 12 weeks after the first sale. Burning the NFT will result in a shipment to the most recent owner via freight truck, owner will be responsible for alerting Midwest Tungsten Service of the intention to burn and transport after freight drop-off.”

If you’re confused as to why TungstenDAO would spend roughly $250,000 (or more accurately 56.9 ETH), you’re not alone.

It’s not clear what the group plans to do with the NFT. TungstenDAO could simply be leaning heavily into the meme, as we’ve seen others do during the Gamestop stock boom.

Via: The Verge