Crypto Mining News Daily

Saturday, July 13, 2024
HomeSecurityEthereum Foundation's Email Account Hacked, Used to Promote Phishing Scam

Ethereum Foundation’s Email Account Hacked, Used to Promote Phishing Scam


The Ethereum Foundation’s “update” email account was hacked and used to promote a phishing scam, according to a blog post from the foundation. The hack occurred on June 23 and resulted in 35,794 scam emails being sent to the foundation’s subscribers and other individuals using its official email address.

The emails contained a fake announcement stating that the Ethereum Foundation had partnered with the Lido decentralized autonomous organization (LidoDAO) to offer 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH). The email told subscribers that staking would be “Protected and Verified by The Ethereum Foundation.”

However, clicking the “Begin Staking” button in the email directed users to a malicious web app, which advertised itself as a “Staking Launchpad.” If users had approved the transaction from within this app, their wallet would have been drained.

The Ethereum Foundation responded quickly to the hack by blocking the attacker from sending more emails and closing off the malicious access path the threat actor had used to obtain access into the mailing list provider. The foundation also sent out notices to various blacklists, Web3 wallet providers, and Cloudfare so that users could receive warnings if they attempted to navigate to the malicious site.

After further investigation, the Ethereum Foundation discovered that the attacker had uploaded a database containing new email addresses that were not part of the Ethereum Foundation’s subscriber list. This implies that some users who were not on the list may have nevertheless received the scam emails. Additionally, the attacker exported the blog mailing list email addresses, which was a total of 3,759 email addresses.

Luckily, the attacker appears to have gained no crypto loot from the attack. The foundation stated that analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor.

Phishing campaigns are a common way for crypto users to lose their funds. On June 23, a MakerDAO member lost $11 million after making several mistaken token approvals, apparently after interacting with a fake web app. On June 26, a marketing email address for blockchain network Hadera Hashgraph was also hacked to send out scam emails.

The Ethereum Foundation is urging users to be cautious and to never click on links or download attachments from suspicious emails. The foundation is also working to improve its security measures to prevent such attacks in the future.

Source: Cointelegraph


Most Popular

Learn How to Mine Crypto

Join our mailing list and receive a free copy of Crypto Mining 101, our detailed guide on how crypto mining works, must have tools to get started, and how to be successful.

Note: We’ll never sell, trade, or abuse your information, and it’s simple to opt out! Read our Privacy Policy here.