July 4, 2024 at 12:18PM
A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. No recipients fell for the trap. Ethereum is taking additional measures to prevent future incidents.
Key takeaways from the meeting notes:
1. A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a fake website and attempting to drain their cryptocurrency wallets.
2. Ethereum disclosed the incident in a blog post, stating that it had no material impact on users.
3. The attacker used a combination of their own email address list and an additional 3,759 addresses exported from the platform’s blog mailing list, with only 81 of the exported addresses previously unknown to the attacker.
4. The malicious email enticed recipients with a fake collaboration announcement and a promise of a 6.8% annual percentage yield (APY) on staked Ethereum.
5. Ethereum’s internal security team launched an investigation, identified the attacker, and took measures to block further emails, notify the community, and submit the malicious link to blocklists.
6. On-chain transaction analysis revealed that none of the email recipients fell for the trap during the campaign.
7. Ethereum is taking additional measures and migrating some email services to other providers to prevent such incidents in the future.