The Ethereum Foundation recently fell victim to a cyberattack that compromised its official email account, which was subsequently used to promote a fraudulent Lido staking scheme.
Details of the Breach
According to an announcement, the Ethereum Foundation’s email account was hacked on June 23. The attackers utilized the updates@blog.ethereum.org email address to send phishing emails to 35,794 recipients. The fraudulent email purported to announce a collaboration between the Ethereum Foundation and the Lido decentralized autonomous organization (LidoDAO). It falsely promised a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits.
Contents of the Scam Email
The email misleadingly claimed, “The collaboration harnesses the strengths of both organizations to deliver deep liquidity and competitive rewards, enhancing your staking experience with over 100+ integrations.” It further assured recipients that the staking service would be “protected and verified” by the Ethereum Foundation. The email included a “Begin Staking” button that redirected users to a malicious website designed to look professional.
The Malicious Website
The fraudulent site, dubbed “Staking Launchpad,” was created by the attackers to drain users’ crypto assets. Upon clicking the “Stake” button, users were prompted to approve a transaction in their wallets. If approved, the website’s crypto drainer would empty the users’ accounts.
Outcome and Investigation
The Ethereum Foundation regained control of the compromised email account, and its investigation found that no victims had lost funds during the attack. “Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked appear to show that no victims lost funds during this specific campaign sent by the threat actor,” the foundation reported.
The attackers had uploaded a database containing email addresses that were not part of the Foundation’s subscribers list, resulting in non-subscribers also receiving the scam email. They also exported a list of 3,759 email addresses from the Foundation’s blog mailing list, but only 81 of these addresses were unique, with the rest being duplicates.
Preventative Measures
In response, the Ethereum Foundation contacted several wallet providers, blacklists, and DNS provider Cloudflare to warn users about the malicious website. This incident is part of a broader trend of phishing schemes targeting the cryptocurrency industry via email. In early June, several key crypto figures warned of a compromised email vendor that sent scam emails promoting fake airdrops. Previously, email addresses of several prominent crypto-related entities had been used in phishing campaigns.
Conclusion
While the Ethereum Foundation successfully thwarted this phishing attempt without financial losses, the incident underscores the ongoing risks and the need for vigilance in the cryptocurrency space.