The Ethereum Foundation announced Tuesday that its email account used for updates was hacked on June 23 to promote a phishing scam. However, the foundation has since regained control of the account, putting an end to the distribution of malicious emails.
The blog post detailed how the phishing scam reached over 35,000 people, including subscribers, through the foundation’s official email address. It added that no cryptocurrency losses were identified. But the email addresses of 81 subscribers might be compromised.
According to the blog, the phishing emails lured recipients with a fabricated partnership between the Ethereum Foundation and LidoDAO. This fake collaboration promised an attractive 6.8% annual return on staked cryptocurrency (Ether, Wrapped Ether, or staked Ether).
To add legitimacy, the scam claimed the staking process was “Protected and Verified by The Ethereum Foundation,” which was false.
.@ethereum Foundation email hacked to promote @LidoFinance staking phishing scam
The foundation’s investigation led to the conclusion that no victims lost cryptocurrency from the attack. https://t.co/WvkUZyxqDw pic.twitter.com/uuxvjt0LW9
— ICO Drops (@ICODrops) July 3, 2024
Fake Ethereum Foundation Update Looks to Drain Wallets
The email included a malicious link. Clicking it wouldn’t directly steal the user’s crypto, but it would have secretly run a program in the background designed to drain their wallet. If they connected their crypto wallet to the website and signed the requested transaction, thinking it was legitimate, their funds would have been stolen.
An investigation into the attack revealed that the attackers used a combination of own email list and email addresses stolen from the Ethereum Foundation’s mailing list. The attackers managed to steal 81 email addresses that were not already on their list.
Overall Crypto Hacks Decline in June
Cryptocurrency users are constantly targeted by phishing scams. Security firm SlowMist issued a warning last month about The Open Network (TON), a blockchain built on the Telegram platform. It highlighted a surge in phishing attempts that could potentially compromise TON’s decentralized applications and expose millions of users to financial losses.
Despite a rise in phishing attacks, overall cryptocurrency hacks saw a significant decline in June. Data from PeckShield shows that losses dropped to $176m, a major drop compared to May’s $385m that hackers stole.
Credit: Source link