On June 23, 2024, at 00:19 UTC, a phishing email was sent from updates@blog.ethereum.org to a total of 35,794 email addresses with the following content:
Individuals who clicked on the link in the email were directed to a harmful website:
This website ran a crypto drainer in the background: if a visitor connected their wallet and approved the transaction the site requested, their wallet would have been compromised.
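The drainer described above depends on the visitor signing whatever the site puts in front of them, which for an ERC-20 token is typically an approve() call granting the attacker's contract an allowance. The following is an added example, not code from the Ethereum Foundation's post, showing the kind of pre-signing check a wallet or browser extension can run on raw transaction calldata: it decodes a standard ERC-20 approve(address,uint256) call (selector 0x095ea7b3, the real keccak-derived value) and warns when the allowance is unlimited or the spender is not on a user-maintained trusted list. The trusted-spender set, the sample spender addresses and the build_approve_calldata helper are constructed for this example.

```python
# Added example (not part of the Ethereum Foundation's post): a defender-side
# check that inspects the calldata a website asks a wallet to sign and flags
# ERC-20 approve() calls that would hand a spender an unlimited allowance or
# that name a spender the user has never trusted. The selector and ABI layout
# are the standard ERC-20 ones; the trusted list and sample addresses are
# constructed.

from dataclasses import dataclass

# keccak256("approve(address,uint256)")[:4], the standard ERC-20 selector.
APPROVE_SELECTOR = "095ea7b3"
MAX_UINT256 = 2**256 - 1

# Constructed: spenders the user has explicitly chosen to trust.
TRUSTED_SPENDERS = {"0x" + "11" * 20}


@dataclass
class ApprovalRisk:
    is_approve: bool
    spender: str = ""
    amount: int = 0
    unlimited: bool = False
    unknown_spender: bool = False

    @property
    def should_warn(self) -> bool:
        return self.is_approve and (self.unlimited or self.unknown_spender)


def _word(hex_body: str, index: int) -> str:
    """Return the index-th 32-byte ABI word of the calldata body as hex."""
    start = index * 64
    return hex_body[start:start + 64]


def inspect_calldata(calldata: str, trusted=TRUSTED_SPENDERS) -> ApprovalRisk:
    """Decode approve(spender, amount) calldata and assess whether to warn."""
    data = calldata.lower().removeprefix("0x")
    # selector (4 bytes) + two 32-byte ABI words, all hex-encoded
    if len(data) != 8 + 2 * 64 or data[:8] != APPROVE_SELECTOR:
        return ApprovalRisk(is_approve=False)
    body = data[8:]
    spender_word = _word(body, 0)
    # An address is right-aligned in its word; the top 12 bytes must be zero.
    if spender_word[:24] != "0" * 24:
        return ApprovalRisk(is_approve=False)
    spender = "0x" + spender_word[24:]
    amount = int(_word(body, 1), 16)
    return ApprovalRisk(
        is_approve=True,
        spender=spender,
        amount=amount,
        unlimited=(amount == MAX_UINT256),
        unknown_spender=(spender not in trusted),
    )


def build_approve_calldata(spender: str, amount: int) -> str:
    """Constructed helper: encode approve(spender, amount) the way a dapp frontend would."""
    spender_hex = spender.lower().removeprefix("0x").rjust(64, "0")
    return "0x" + APPROVE_SELECTOR + spender_hex + format(amount, "064x")


if __name__ == "__main__":
    drainer = "0x" + "ab" * 20  # constructed, untrusted spender
    risk = inspect_calldata(build_approve_calldata(drainer, MAX_UINT256))
    print(risk.should_warn, risk.unlimited, risk.unknown_spender)  # True True True
```

Checking the allowance amount and the spender before signing is what turns a drainer's "approve this" prompt into something a user can recognise; a wallet that surfaces "unlimited allowance to an address you have never interacted with" gives the user a chance to refuse.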
Our internal security team immediately initiated an investigation to establish who was behind the attack, what the objectives were, when it occurred, who was impacted, and how the incident transpired.
Among the initial actions taken were:
- Stopped the threat actor from sending further emails.
- Issued notifications via Twitter and email, advising users not to click the link.
- Disabled the access path the threat actor had used to get into the mailing list provider.
- Reported the malicious link to various blacklists, resulting in it being blocked by most web3 wallet providers and Cloudflare.
Our investigation into the attack revealed that:
- The threat actor imported a substantial email list of their own into the mailing list platform for the phishing operation.
- The threat actor retrieved 3,759 email addresses from the blog mailing list.
- Comparing the list the threat actor imported against the addresses exported from the blog mailing list showed that only 81 of the blog's addresses were previously unknown to the threat actor; the rest already appeared in the imported list.
- Analysis of on-chain transactions linked to the threat actor between the time of the email campaign and when the malicious domain was blocked suggests that no victims experienced any financial losses during this specific attack.
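Two of the investigation steps listed above, quantifying how many subscribers were newly exposed and checking whether any value reached the attacker during the campaign window, are the kind of work an incident responder scripts rather than does by hand. The following is an added example, not code from the Ethereum Foundation's post: the first function compares the exported subscriber list with the list the actor imported (after normalising addresses), and the second sums transfers into attacker-controlled addresses between the campaign send time and the moment the domain was blocked. Every email address, wallet address, transaction and the domain-blocked timestamp are constructed; only the campaign send time (2024-06-23 00:19 UTC) comes from the post.

```python
# Added example (not code from the Ethereum Foundation's post): two of the
# impact-assessment steps described in the write-up, run over constructed data.
#  1. Compare the list the threat actor imported against the addresses they
#     exported from the blog list, to count subscribers that were newly exposed.
#  2. Sum value that reached attacker-controlled addresses in the window between
#     the email campaign and the malicious domain being blocked.
# All email addresses, wallet addresses and transactions below are constructed.

from dataclasses import dataclass
from datetime import datetime, timezone


def normalize_email(addr: str) -> str:
    """Canonicalise so 'Alice@Example.org ' and 'alice@example.org' compare equal."""
    return addr.strip().lower()


def exposure_report(exported: list[str], imported: list[str]) -> dict:
    """How many exported subscribers were already in the actor's own list."""
    exported_set = {normalize_email(a) for a in exported if a.strip()}
    imported_set = {normalize_email(a) for a in imported if a.strip()}
    newly_exposed = exported_set - imported_set
    return {
        "exported_unique": len(exported_set),
        "already_known": len(exported_set & imported_set),
        "newly_exposed": len(newly_exposed),
        "newly_exposed_addresses": sorted(newly_exposed),
    }


@dataclass(frozen=True)
class Transfer:
    tx_hash: str
    sender: str
    recipient: str
    value_wei: int
    timestamp: datetime


def attacker_inflow(transfers, attacker_addresses, window_start, window_end) -> dict:
    """Value that reached attacker-controlled addresses inside [start, end]."""
    attackers = {a.lower() for a in attacker_addresses}
    hits = [
        t for t in transfers
        if t.recipient.lower() in attackers
        and window_start <= t.timestamp <= window_end
        and t.sender.lower() not in attackers  # attacker shuffling own funds is not a victim
    ]
    return {
        "matching_transfers": len(hits),
        "total_wei": sum(t.value_wei for t in hits),
        "victims": sorted({t.sender.lower() for t in hits}),
    }


# Constructed sample data
EXPORTED = ["alice@example.org", "Bob@Example.org", "carol@example.org", " dave@example.org "]
IMPORTED = ["alice@example.org", "bob@example.org", "erin@example.org"]

CAMPAIGN_SENT = datetime(2024, 6, 23, 0, 19, tzinfo=timezone.utc)   # from the post
DOMAIN_BLOCKED = datetime(2024, 6, 23, 2, 0, tzinfo=timezone.utc)   # constructed
ATTACKER = {"0x" + "ab" * 20, "0x" + "ac" * 20}                     # constructed
UTC = timezone.utc
TRANSFERS = [
    # before the window: not attributable to this campaign
    Transfer("0x01", "0x" + "c1" * 20, "0x" + "ab" * 20, 10**18, datetime(2024, 6, 22, 23, 0, tzinfo=UTC)),
    # attacker moving funds between its own addresses: not a victim
    Transfer("0x02", "0x" + "ab" * 20, "0x" + "ac" * 20, 10**18, datetime(2024, 6, 23, 0, 30, tzinfo=UTC)),
    # inside the window, from an unrelated address to the attacker: counted
    Transfer("0x03", "0x" + "d2" * 20, "0x" + "ab" * 20, 5 * 10**17, datetime(2024, 6, 23, 1, 0, tzinfo=UTC)),
    # inside the window but not involving the attacker: ignored
    Transfer("0x04", "0x" + "e3" * 20, "0x" + "f4" * 20, 10**18, datetime(2024, 6, 23, 1, 30, tzinfo=UTC)),
]

if __name__ == "__main__":
    print(exposure_report(EXPORTED, IMPORTED))
    print(attacker_inflow(TRANSFERS, ATTACKER, CAMPAIGN_SENT, DOMAIN_BLOCKED))
```

In a real investigation the attacker address set would come from the drainer's on-page configuration and the transfers from a node or indexer; the window bounds matter because anything outside them, or between attacker-controlled addresses, would otherwise inflate the apparent loss.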
As we continue to address this incident, we have implemented additional measures, including migrating some mail services to alternative providers, to further mitigate the risk of recurrence.
We sincerely apologize for the occurrence of this incident and are actively collaborating with both our internal security team and external security experts to address and investigate this matter comprehensively.
For any inquiries, please reach out to security@ethereum.org.