Intuit, Mailchimp Hit with Class Action Lawsuit Over Trezor Crypto Wallet Hack
Levinson v. Intuit, Inc. et al.
Filed: April 22, 2022 | 5:22-cv-02477
Mailchimp faces class action after an employee allegedly fell victim to an email phishing scam that ultimately allowed cybercriminals to steal some Trezor wallet users’ assets.
Mailchimp and parent Intuit, Inc. face a proposed class action after an employee allegedly fell victim to an email phishing scam that ultimately allowed cybercriminals to steal some Trezor cryptocurrency wallet users’ assets.
The 21-page lawsuit, filed on April 22 in California, charges that although the “cyberattack” on Trezor Suite users was sophisticated, the phishing scam that preceded the event was not, and could have been prevented had Mailchimp, an automated email marketing service, and Intuit taken reasonable measures to protect their systems.
According to the complaint, Mailchimp and Intuit, who provide Trezor’s opt-in newsletter, “fell victim to one of the oldest cybertricks in the book” when an employee supposedly clicked on a malicious link in a phishing email and allowed unknown hackers to access Trezor’s email list. From there, the case says, the hackers, using a “cloned” version of the platform, were able to “pilfer” Trezor users’ cryptocurrency from their accounts, resulting in millions of dollars in losses.
Per the lawsuit, the Illinois-based plaintiff’s cryptocurrency was valued at more than $80,000 at the time of the theft.
As the suit tells it, the hackers’ phishing scheme was predicated on knowing the email addresses of Trezor platform users, who on the evening of April 2, 2022 received an email that stated, in relevant part, that their data had been compromised and that their crypto was “at risk of being stolen.” This email was sent from noreply@trezor.us, the case says.
The lawsuit states that the phishing email directed Trezor users to “https://suit.trẹzor.com,” a false URL that mirrored Trezor’s actual website, to secure their account. Most users did not notice, however, that there was an underdot under the letter “e” in the fraudulent Trezor website, the complaint says.
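The underdot substitution described above can be caught mechanically by a mail or web filter before a user ever sees the link. The following is an added example, not taken from the complaint or from Trezor; the `PROTECTED_LABELS` set and the function names are assumptions chosen for illustration, and the sample URL is the one quoted in the lawsuit.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: brand labels an organisation wants to protect (chosen for this example).
PROTECTED_LABELS = {"trezor"}
# URL quoted in the complaint; \u1eb9 is "e with dot below".
SAMPLE = "https://suit.tr\u1eb9zor.com"

def to_unicode(label):
    """Decode a punycode (xn--) label so both URL forms are inspected alike."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label
    return label

def to_punycode(label):
    """ASCII form a resolver would actually query; None if not encodable."""
    try:
        return label.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def skeleton(label):
    """NFKD-decompose and drop combining marks, so U+1EB9 folds to plain 'e'."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def inspect_url(url):
    """Report hostname labels that are non-ASCII yet fold to a protected label."""
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = to_unicode(raw)
        if label.isascii():
            continue  # plain ASCII labels cannot be diacritic lookalikes
        if skeleton(label) in PROTECTED_LABELS:
            findings.append({
                "label": label,
                "imitates": skeleton(label),
                "punycode": to_punycode(label),
                "odd_chars": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                              for c in label if ord(c) > 127],
            })
    return findings

if __name__ == "__main__":
    print(inspect_url(SAMPLE))
```

This folding catches lookalikes built from accents and other combining marks; cross-script substitutions (for example Cyrillic letters) need a confusables table such as the one in Unicode UTS #39.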
Upon going to the fake Trezor site, users would be prompted to download a new version of the Trezor Suite desktop app, the case says. In the process, they would have given the hackers access to their crypto wallets and, crucially, their recovery seeds, which allow someone to recover their wallet should their device be stolen or lost, the lawsuit relays.
“Such credentials would give the hackers plenary control of a user’s Trezor Suite account and the cryptocurrency contained within the offline wallets associated with these accounts,” the filing says.
Per the lawsuit, Trezor described the attack as “exceptional in its sophistication and … clearly planned to a high level of detail,” as the cloned version of its platform “presented realistic functionality to anyone who installed it.”
The lawsuit alleges Mailchimp and Intuit disregarded proposed class members’ rights by “intentionally, willfully, recklessly, or negligently” failing to take reasonable and adequate measures to ensure that their systems were protected.
“Indeed, Defendants confirmed that hackers used an internal employee tool to steal data from more than 100 of their clients—with the data being used to mount phishing attacks on the users of other cryptocurrency services,” the complaint says.
According to the lawsuit, Trezor notified victims of the cyberattack via email on April 14, 2022. The notice stated that data stolen in the attack included user email addresses, IP addresses and approximate locations based on their internet provider, the case relays.
The suit says that although Mailchimp and Intuit became aware of the Trezor data breach on March 26, 2022, a week before the phishing emails were sent, they did nothing to inform Trezor users of the risks.
“It was only after Trezor pressed Defendants that any alarm was raised,” the case alleges.
The lawsuit looks to cover all persons in the United States who received the unauthorized April 2, 2022 Trezor-branded email informing them of a purported data security incident and who lost cryptocurrency as a result.