Ethereum Mailing List Breach Exposes 35,000 People to Cryptocurrency Draining Attack

A malicious actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses containing a link to a malicious site running a cryptocurrency drainer.

Ethereum disclosed the incident in a blog post this week and said it had no material impact on users.

Attack details

The attack took place on the night of June 23 when an email was sent from the address “updates@blog.ethereum.org” to 35,794 addresses.

Ethereum said that the threat actor used a combination of his own email list and 3,759 additional addresses exported from the platform’s blog mailing list. However, only 81 of the exported addresses were previously unknown to the attacker.

The message lured recipients to the malicious website with an announcement of a collaboration with Lido DAO and invited them to enjoy a 6.8% annual percentage yield (APY) on staked Ethereum.

Malicious email sent to Ethereum holders
Source: Ethereum

Recipients who clicked the embedded “Start Staking” button to get the promised investment returns were redirected to a professionally built fake website made to look like part of the promotion.

If users connected their wallets to this site and signed the requested transaction, a crypto drainer would empty their wallets, sending all funds to the attacker.

Cryptocurrency Draining Site
Source: Ethereum

Ethereum’s response

Ethereum says its internal security team launched an investigation as soon as possible to identify the attacker, understand the purpose of the attack, determine the timeline, and identify the parties involved.

The attacker was quickly blocked from sending further emails, and Ethereum took to Twitter to inform the community about the malicious emails, warning everyone not to click on the link.

Ethereum also submitted the malicious link to various blocklists, leading to it being blocked by most Web3 wallet providers and Cloudflare.

Analysis of on-chain transactions showed that none of the email recipients fell for the scam during the campaign.

Ethereum concludes by saying that it has taken additional measures and is migrating some messaging services to other providers to prevent such an incident from happening again.
