- A phishing email containing a link to a malicious website hosting a cryptocurrency drainer was sent to over 35,000 addresses by a threat actor who had gained access to Ethereum’s mailing list provider.
This Monday, Ethereum revealed the incident in a blog post, stating that it had no appreciable effect on users.
Attack specifics
An email with the subject “updates@blog.ethereum.org” was sent to 35,794 addresses on June 23, the night of the attack.
According to Ethereum, the threat actor combined 3,759 email addresses that were exported from the platform’s blog mailing list with their own email address list. However, only 81 of the exported addresses were previously unknown to the attacker.
With an announcement of a partnership with Lido DAO and an invitation to benefit from a 6.8% annual percentage yield (APY) on staked Ethereum, the email enticed recipients to visit the malicious website.
Those who clicked the “Begin staking” button embedded in the promotion, expecting the promised investment returns, were directed to a phony but expertly designed website.
If users connected their wallets to the website and signed the requested transaction, a cryptocurrency drainer would empty their wallets and deliver all funds to the attacker.
Ethereum’s reaction
Ethereum says that its internal security team immediately began an investigation to identify the attacker, understand the goal of the attack, determine the timeline, and identify the parties impacted.
Ethereum immediately blocked the attacker from sending any additional emails and alerted the community about the phishing emails via Twitter, with a warning not to click on the link.
Ethereum also submitted the malicious link to a number of blocklists, which caused Cloudflare and the majority of Web3 wallet providers to block it.
Analysis of on-chain transactions revealed that during the campaign, none of the email recipients fell victim to the scam.
In order to ensure that a similar problem doesn’t occur again, Ethereum says in its conclusion that it has taken additional precautions and is moving some email services to other providers.