Hackers compromised Ethereum mailing list and launched a crypto draining attack
Hackers compromised Ethereum's mailing list provider and sent phishing messages to the members in an attempt to drain their crypto funds.
Hackers compromised Ethereum's mailing list provider and, on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address '[email protected]' and included a link to a malicious site running a crypto drainer.
“This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained.” reads the incident notice published by Ethereum.
The message was crafted to trick the recipient into visiting a malicious website by claiming a collaboration with Lido DAO and offering a 6.8% annual percentage yield (APY) on staked Ethereum.

The internal security team quickly launched an investigation into the security breach. The team is notifying users via X and email and has secured the infrastructure to prevent similar attacks in the future.
The security team also submitted the malicious link to blacklists, resulting in it being blocked by most web3 wallet providers and Cloudflare.
The threat actors sent phishing messages to addresses included in a large email list and 3,759 email addresses exported from the blog mailing list. Among these, 81 were new to the attacker. On-chain transaction analysis indicated that no funds were lost during this specific campaign.
“As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again.” concludes the notice.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, phishing)