blog.ethereum.org mailing list incident | Ethereum Foundation Blog

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by [email protected] with the following content

Users who clicked the link in the email were sent to a malicious website:

This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained.

Our internal security team immediately launched an investigation to help determine who launched the attack, what the aim of the attack was, when it happened, who was affected, and how it happened.

Some of the intial actions taken were:

Prevented the threat actor from sending additional emails.
Sent out notifications via twitter and email to not click the link in question.
Closed down the malicious access path the threat actor had used to obtain access into the mailing list provider.
Submitted the malicious link to various blacklists, and it was then blocked by majority of web3 wallet providers and cloudflare.

Our investigation into the attack showed that:

The threat actor imported a large email list of their own into the mailing list platform to be used for the phishing campaign.
The threat actor exported the blog mailing list email addresses, which was a total of 3759 email addresses.
When we compared the emails in the email list that the threat actor had imported, we could see that the blog mailing list contained 81 email addresses that the threat actor did not previously have knowledge of, and the rest were duplicate addresses.
Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor.

As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again.

We are deeply sorry that this incident occurred, and are working diligently with both our internal security team as well as external security teams to further help address and investigate this incident.

Any questions can be directed to [email protected].

Source link

What's Hot

Strategy manager wrong about BTC backing STRC

Devconnect Istanbul Cowork Tickets Are Live!

Bitcoin price above $73k as Iran war, oil shock and Fed bets fuel risk-on mood

blog.ethereum.org mailing list incident | Ethereum Foundation Blog

Devconnect Istanbul Cowork Tickets Are Live!

Allocation Update: Q2 2023 | Ethereum Foundation Blog

Ethereum Execution Layer Specification | Ethereum Foundation Blog

Litecoin price outlook: is $80 next as BTC reclaims $92k?

Bitwise Dogecoin ETF filing starts 20-day SEC countdown for approval

XRP charts signal bullish divergence can; Ripple aims to reignite market confidence and lead a new altcoin cycle

DeadLock ransomware abuses Polygon blockchain to rotate proxy servers quietly

Strategy manager wrong about BTC backing STRC

Devconnect Istanbul Cowork Tickets Are Live!

Bitcoin price above $73k as Iran war, oil shock and Fed bets fuel risk-on mood

Saga becomes latest victim in DeFi hacking spree

Our Picks

Strategy manager wrong about BTC backing STRC

Devconnect Istanbul Cowork Tickets Are Live!

Bitcoin price above $73k as Iran war, oil shock and Fed bets fuel risk-on mood

Lithosphere News Releases

KaJ Labs Strengthens Long-Term Vision for Interoperable AI and Blockchain Development

FurGPT Strengthens Global Presence Following Multi-Exchange Listings

FurGPT Taps into Kadena’s Scalable PoW Network to Expand Emotional-AI Reach and Global Token Utility

Subscribe to Updates

What's Hot

blog.ethereum.org mailing list incident | Ethereum Foundation Blog

Related Posts