July 8, 2024 at 11:48AM
A threat actor hacked into the Ethereum Foundation’s account on a mailing list platform and used it to send phishing emails to over 35,794 addresses. The emails, which appeared to come from a legitimate source, promoted a Lido scam and contained a link to a malicious site. The Foundation took immediate action to prevent further harm and protect users.
Key takeaways:
– A threat actor hacked into the Ethereum Foundation’s account on a mailing list platform and initiated a phishing campaign using more than 35,794 email addresses. The phishing emails were sent from the legitimate [email protected] email address and promoted a Lido scam with a link to a malicious site that aimed to drain visitors’ wallets.
– The threat actor used their access to export 3,759 email addresses from the Foundation’s mailing list and imported their own list of emails for the phishing campaign. It is noted that 81 of the exported email addresses were not known to the threat actor.
– Analysis of on-chain transactions showed that no victims lost funds during this specific campaign.
– Immediate measures were taken by the Ethereum Foundation, including preventing the threat actor from sending additional emails, blocking their access to the platform, sending notifications to users to avoid clicking the malicious URL, and submitting the link to be blocked by web3 wallet providers and Cloudflare.
– Additional measures are being taken, such as migrating some mail services to other providers, to further reduce the risk of similar incidents in the future.
Related phishing attacks have also been noted in the cybersecurity landscape, involving platforms such as the malware sandbox Any.Run and Autodesk Drive, as well as open redirect flaws in American Express and Snapchat being exploited in phishing attacks.