Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails

A threat actor hacked into Ethereum Foundation’s account on a mailing list platform and used it to send email phishing lures to more than 35,794 addresses.

The phishing emails, which came from the legitimate [email protected] email address, promoted a Lido scam and contained a link to a malicious site designed to drain the visitors’ wallets.

“This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained,” the Ethereum Foundation said in a notice.

According to the organization, the threat actor leveraged their access to the platform to export 3,759 email addresses representing the foundation blog’s mailing list and to import their own list of emails to be used in the phishing campaign.

The foundation says that 81 of the exported email addresses were not known to the threat actor, while the others were already in their data set.

“Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor,” the Ethereum Foundation said.

The organization said it took immediate steps to prevent the threat actor from sending additional emails, blocked the hackers’ access to the platform, sent notifications to alert users to not click on the malicious URL, and submitted the link to be blocked by web3 wallet providers and Cloudflare.

“As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again,” the Ethereum Foundation said.
