A hacker breached the Ethereum mailing list provider and used it to distribute phishing emails to about 35,000 individuals.
The phishing emails allegedly included a link to a malicious site that ran a crypto drainer. Ethereum immediately confirmed the incident in a blog post earlier this week, stating that it had no substantial impact on users.
The phishing emails sent through the breached provider posed as coming from an Ethereum account.
According to reports, the malicious campaign distributed phishing emails from an address that appeared to belong to Ethereum. Investigations revealed that the sender address was 'updates@blog.ethereum.org' and that the messages were sent to 35,794 addresses.
The company noted that the threat actor combined their own email address list with 3,759 additional addresses exported from the platform's blog mailing list. However, only 81 of the exported addresses were previously unknown to the attacker.
The phishing messages urged their recipients to visit the malicious website by announcing a collaboration with Lido DAO and offering a 6.8% annual percentage yield (APY) on staked Ethereum.
When recipients clicked the 'Begin staking' button embedded in the email to claim the promised returns, they were redirected to a fake but professionally designed website that appeared to be part of the promotional campaign.
If users connected their wallets to that site and signed the requested transaction, a crypto drainer would empty the wallets, transferring all funds to the attacker.
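The drainer step described above only works if the victim signs a transaction that hands control of their balance to the attacker, typically an unlimited token approval. The following is an added example, not code from the article, from Ethereum or from any wallet vendor: a wallet-side pre-signature screen that decodes the calldata of a pending request and flags unlimited ERC-20 approvals, blanket `setApprovalForAll` grants and transfers to addresses the user has never interacted with. The three function selectors are the standard ERC-20/ERC-721 values; the allow-list, the sample requests and every address in them are constructed placeholders.

```javascript
// Added example (not from the article or from the Ethereum project): a wallet-side
// "pre-signature screen" that decodes a requested transaction's calldata and flags the
// shapes a drainer relies on. Allow-list and addresses below are constructed placeholders.

// First 4 bytes of keccak256(canonical signature); these three are the standard values.
const SELECTORS = {
  '0x095ea7b3': 'approve(address,uint256)',          // ERC-20
  '0xa22cb465': 'setApprovalForAll(address,bool)',   // ERC-721 / ERC-1155
  '0xa9059cbb': 'transfer(address,uint256)',         // ERC-20
};

const UINT256_MAX = (1n << 256n) - 1n;

// Hypothetical allow-list: contracts this wallet has deliberately interacted with before.
const KNOWN_SPENDERS = new Set(['0x1111111111111111111111111111111111111111']);

// i-th 32-byte ABI word after the 4-byte selector (offset 10 = "0x" + 8 hex chars).
function word(data, i) {
  const start = 10 + i * 64;
  const w = data.slice(start, start + 64);
  if (w.length !== 64) throw new Error('calldata too short');
  return w;
}
const wordToAddress = (w) => '0x' + w.slice(24);   // last 20 bytes of the word
const wordToUint = (w) => BigInt('0x' + w);

// Returns { risk, method, findings } for a pending { to, data } request.
function screenTransaction(tx) {
  const data = (tx.data || '0x').toLowerCase();
  const findings = [];
  let risk = 'low';
  if (data.length < 10) return { risk, method: 'plain value transfer', findings };

  const method = SELECTORS[data.slice(0, 10)];
  try {
    if (method === 'approve(address,uint256)') {
      const spender = wordToAddress(word(data, 0));
      const amount = wordToUint(word(data, 1));
      if (!KNOWN_SPENDERS.has(spender)) {
        findings.push(`approval to unknown spender ${spender}`);
        risk = 'medium';
      }
      if (amount === UINT256_MAX) {
        findings.push('unlimited (uint256 max) allowance');
        risk = KNOWN_SPENDERS.has(spender) ? 'medium' : 'high';
      }
    } else if (method === 'setApprovalForAll(address,bool)') {
      const operator = wordToAddress(word(data, 0));
      const approved = wordToUint(word(data, 1)) !== 0n;
      if (approved && !KNOWN_SPENDERS.has(operator)) {
        findings.push(`blanket NFT approval to unknown operator ${operator}`);
        risk = 'high';
      }
    } else if (method === 'transfer(address,uint256)') {
      const to = wordToAddress(word(data, 0));
      const amount = wordToUint(word(data, 1));
      if (!KNOWN_SPENDERS.has(to)) {
        findings.push(`sends ${amount} token units to unknown address ${to}`);
        risk = 'medium';
      }
    } else {
      findings.push('unrecognised function selector; simulate before signing');
      risk = 'review';
    }
  } catch (e) {
    findings.push(`malformed calldata: ${e.message}`);
    risk = 'review';
  }
  return { risk, method: method || 'unknown', findings };
}

// ABI-encode a hex address or uint as one 32-byte word (used to build constructed samples).
const pad32 = (hex) => hex.padStart(64, '0');

// Constructed drainer-style request: unlimited approve() to an address never seen before.
const SAMPLE_DRAIN_REQUEST = {
  to: '0x3333333333333333333333333333333333333333',   // token contract (placeholder)
  data: '0x095ea7b3'
    + pad32('2222222222222222222222222222222222222222')
    + pad32(UINT256_MAX.toString(16)),
};

// Constructed benign request: a bounded approval to a contract on the allow-list.
const SAMPLE_BENIGN_REQUEST = {
  to: '0x3333333333333333333333333333333333333333',
  data: '0x095ea7b3'
    + pad32('1111111111111111111111111111111111111111')
    + pad32((1000n).toString(16)),
};

console.log(screenTransaction(SAMPLE_DRAIN_REQUEST));   // risk: 'high'
console.log(screenTransaction(SAMPLE_BENIGN_REQUEST));  // risk: 'low'
```

The screen reads only the selector and the first two ABI words, so it is cheap enough to run on every signing prompt; anything it cannot classify is routed to 'review', where a wallet would fall back to transaction simulation rather than silently letting the request through.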
The company says its internal security team began an investigation as soon as possible to identify the attacker, determine the objective of the attack, establish a timeline, and identify the affected parties.
The attacker was quickly prevented from sending any additional emails, and Ethereum published a post on social media to warn the community about the phishing emails, urging everyone not to open the link embedded in the messages.
The company also added the malicious link to several blocklists, so that it was blocked by major Web3 wallet providers and Cloudflare. Furthermore, on-chain transaction analysis found that none of the email recipients fell victim to the trap during the campaign.
Lastly, Ethereum stated that it has taken further precautions and is migrating some email services to other providers to prevent such an incident from recurring.