More than 35,000 email addresses were hacked by an email impersonating Lido's staking program, sent from the official Ethereum Foundation email account.

On June 23, the Ethereum Foundation issued an emergency notice that the organization's official email account, updates@blog.ethereum.org, had been hacked. The attacker took advantage of access to this account to send phishing emails to 35,794 addresses, advertising a "collaborative" staking program between the Ethereum Foundation and LidoDAO, a platform providing decentralized staking services. famous middle.

According to the email content, this "cooperation" program promises to bring users profits of up to 6.8% when staking assets such as ETH, stETH and WETH. To increase persuasion, the fake email also emphasized that this staking service is "protected and verified" by the Ethereum Foundation, thereby taking advantage of the organization's reputation to deceive users.

Fake emails are sent to users from hackers

The email is sophisticatedly designed and uses professional language to create trust, causing users to be lured into clicking the "Begin Staking" button at the bottom of the email, leading to a fake website called "Staking Launchpad". This website is designed to steal money from users' wallets when they perform a "Stake" operation.

The interface of the Ethereum Foundation website is tampered with

Immediately after discovering the incident, the Ethereum Foundation quickly stepped in, regained control of the compromised email account and investigated the scale of the attack. According to information from the Ethereum Foundation, there are currently no recorded cases of money being lost due to this email attack. However, the organization also revealed some worrying information about how attackers collect email addresses.

Specifically, the Ethereum Foundation discovered that the attacker uploaded a database containing email addresses that were not in the Ethereum Foundation's subscriber list. This means that not only those who sign up to receive email updates from the Ethereum Foundation are the target of the attack, but many other users are also at risk of becoming victims.

In addition, the hacker also exported the email list "blog mailing list email addresses" containing 3,759 addresses. However, this list only contains 81 unique email addresses, the rest are "duplicate addresses". Therefore, it is estimated that only 81 subscribers were actually affected by this attack.

To prevent widespread damage, the Ethereum Foundation contacted wallet providers, organizations that maintain blacklists of malicious websites, and DNS provider Cloudflare to request a warning to users about the “Staking Launchpad” website. " fake.

The incident once again raises alarm bells about email phishing scams in the cryptocurrency industry. To protect their assets, users need to increase vigilance against suspicious emails, especially those that request personal information or links to unfamiliar websites. Always double check the sender's email address and contact the relevant organization directly to verify the information before making any transactions.