Ethereum Foundation Email Hacked in Phishing Scam, But No Crypto Lost

Ethereum Foundation Responds Swiftly to Email Phishing Attack

Ethereum Foundation: On June 23, the Ethereum Foundation’s “update” email account was hacked and used to promote a phishing scam, according to a July 2 blog post from the foundation. The foundation has since recovered the account, and malicious emails are no longer being sent out.

Mass Phishing Campaign Targets Foundation’s Subscribers

According to the post, 35,794 scam emails were sent to the foundation’s subscribers and other individuals using its official updates@blog.ethereum.org email address. Despite this large number, the foundation’s investigation concluded that no victims lost cryptocurrency from the attack. However, the attacker may have exposed the email addresses of 81 subscribers.

Deceptive Announcement Linked to Fake Staking Launchpad

The emails contained a fake announcement stating that the Ethereum Foundation had partnered with the Lido decentralized autonomous organization (LidoDAO) to offer 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits. It told subscribers that staking would be “Protected and Verified by The Ethereum Foundation.” Users who clicked the “Begin Staking” button in the email were directed to a malicious web app, which advertised itself as a “Staking Launchpad.” Clicking the “Stake” button from within this app pushed a transaction to the user’s wallet. If the user had approved this transaction, “their wallet would have been drained,” the post stated.

Swift Response to Contain the Threat

When the malicious emails were discovered, the foundation responded by blocking the attacker from sending more emails. It also “closed off the malicious access path the threat actor had used to obtain access into the mailing list provider,” ensuring that the attacker could no longer access the email address. Notices were sent out to various blacklists, Web3 wallet providers, and Cloudflare so that users could receive warnings if they attempted to navigate to the malicious site.

Potential Exposure Beyond Subscribers

After further investigation, the Ethereum Foundation discovered that the attacker had uploaded a database containing new email addresses that were not part of the Ethereum Foundation’s subscriber list, implying that some users who were not on the list may have nevertheless received the scam emails. Additionally, the attacker “exported the blog mailing list email addresses, which was a total of 3,759 email addresses.” The foundation found that “the blog mailing list contained 81 email addresses that the threat actor did not previously have knowledge of, and the rest were duplicate addresses.”

No Financial Losses Reported

Luckily, the attacker appears to have gained no crypto loot from the attack. The foundation stated: “Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor.”

A Stark Reminder of Ongoing Threats

Phishing campaigns are a common way for crypto users to lose their funds. On June 23, a MakerDAO member lost $11 million after making several mistaken token approvals, apparently after interacting with a fake web app. On June 26, a marketing email address for the blockchain network Hadera Hashgraph was also hacked to send out scam emails.

Ethereum Foundation Email Hack FAQ

For more up-to-date crypto news, you can follow Crypto Data Space.