Ethereum Email Newsletter Compromised, Phishing Emails Sent to 35,000 Addresses
On July 6, 2024, it was reported that attackers compromised Ethereum’s email marketing provider and sent phishing emails to 35,000 recipients. The emails contained a link to a malicious website designed to steal cryptocurrency through malware.
According to an official statement on Ethereum’s blog, the incident occurred overnight on June 23, when emails from [email protected] were sent to 35,794 addresses. The attackers used their own list of email addresses along with 3,759 addresses exported from the platform’s blog newsletter. Of the exported addresses, only 81 were previously unknown to the attackers.
Details of the Phishing Attack
The phishing email invited users to visit a malicious website, claiming a partnership with Lido DAO and offering an attractive 6.8% annual yield. Those who attempted to claim the promised yield were directed to a fake but professionally designed site that appeared to be part of a promotional campaign. If a user connected their wallet and confirmed a transaction, the malware would drain their wallet, sending all assets to the attackers.
Ethereum’s Response and Investigation
Ethereum representatives stated that their internal security team immediately launched an investigation to identify the attacker, understand the motive, determine the timeline, and identify affected parties. The attackers’ ability to send further emails was quickly blocked, and Ethereum used X (formerly Twitter) to warn the community about the malicious emails, advising everyone not to click on any links.
Additionally, the malicious link was added to multiple blacklists, resulting in it being blocked by Cloudflare and most Web3 wallet providers. Transaction analysis showed that none of the phishing email recipients fell victim to the scam.
Preventive Measures
In conclusion, Ethereum reported that it has taken additional security measures and is migrating some email services to other marketing providers to prevent similar incidents in the future.