The Ethereum Foundation’s official ‘update’ email account was compromised and used to send out a phishing scam on June 23, the foundation revealed in a July 2 blog post
The Ethereum Foundation’s official ‘update’ email account was compromised and used to send out a phishing scam on June 23, the foundation revealed in a July 2 blog post. The foundation has since regained control of the account, halting the spread of malicious emails.
The breach resulted in 35,794 scam emails being sent to the foundation’s subscribers and other individuals using the official email address updates@blog.ethereum.org. Fortunately, the foundation’s investigation concluded that no cryptocurrency was lost in the attack. However, the email addresses of 81 subscribers may have been exposed to the hacker.
The fraudulent emails falsely announced a partnership between the Ethereum Foundation and the Lido decentralized autonomous organization (LidoDAO), promising a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether deposits. The email misleadingly assured recipients that their staking would be “Protected and Verified by The Ethereum Foundation.”
Recipients who clicked the “Begin Staking” button in the email were redirected to a malicious web application, posing as a “Staking Launchpad.” Within this app, clicking the “Stake” button initiated a transaction designed to drain the user’s wallet if approved.
Upon discovering the malicious emails, the foundation acted swiftly to block the attacker from sending more emails. They also secured the compromised access point to the mailing list provider, preventing further unauthorized access. Additionally, the foundation alerted various blacklists, Web3 wallet providers, and Cloudflare to warn users attempting to visit the malicious site.
Despite the breach, no victims appear to have lost funds. The foundation analyzed on-chain transactions made to the attacker between the time the emails were sent and the malicious domain was blocked. The data suggests that no funds were lost during this phishing campaign.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
