Ethereum Foundation Email Hack Sparks Phishing Scam Alert
The Ethereum Foundation’s official ‘update’ email account was compromised and used to send out a phishing scam on June 23, the foundation revealed in a July 2 blog post. The foundation has since regained control of the account, halting the spread of malicious emails.
The breach resulted in 35,794 scam emails being sent to the foundation’s subscribers and other individuals using the official email address updates@blog.ethereum.org. Fortunately, the foundation’s investigation concluded that no cryptocurrency was lost in the attack. However, the email addresses of 81 subscribers may have been exposed to the hacker.
The fraudulent emails falsely announced a partnership between the Ethereum Foundation and the Lido decentralized autonomous organization (LidoDAO), promising a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether deposits. The email misleadingly assured recipients that their staking would be “Protected and Verified by The Ethereum Foundation.”
Recipients who clicked the “Begin Staking” button in the email were redirected to a malicious web application, posing as a “Staking Launchpad.” Within this app, clicking the “Stake” button initiated a transaction designed to drain the user’s wallet if approved.
Upon discovering the malicious emails, the foundation acted swiftly to block the attacker from sending more emails. They also secured the compromised access point to the mailing list provider, preventing further unauthorized access. Additionally, the foundation alerted various blacklists, Web3 wallet providers, and Cloudflare to warn users attempting to visit the malicious site.
Despite the breach, no victims appear to have lost funds. The foundation analyzed on-chain transactions made to the attacker between the time the emails were sent and the malicious domain was blocked. The data suggests that no funds were lost during this phishing campaign.