The Ethereum Foundation's (EF) "Update" email account was hacked on June 23 and used to spread a phishing scam promoting fake Lido staking opportunities. The foundation later restored the compromised accounts, but the incident highlighted the seriousness of phishing links aimed at on-chain wallets.

Foundation's response to hacker attack

According to an article published by the Ethereum Foundation on July 2, the hacked email account sent 35,794 fraudulent emails to subscribers and other individuals. The emails appeared to come from the official updates@blog.ethereum.org address, confusing people.

Ethereum Foundation Phishing Letter

Ethereum core developers confirmed the attack a week ago:

Confirming we managed to send out an update. We should have locked down all external access, but still confirming. https://t.co/QJJPSW2fuY pic.twitter.com/sqmL4EmJbc

— timbeiko.eth (@TimBeiko) June 23, 2024

Details of the phishing scam

The phishing email falsely claims that the Ethereum Foundation has partnered with LidoDAO to offer a 6.8% staking yield on Ether (ETH), wrapped Ether (WETH) or staked Ether (stETH). The email states that the staking process is "protected and verified by the Ethereum Foundation".

Victims are lured into clicking a "Start Staking" button, which redirects them to a malicious web application disguised as a "Staking Enablement Platform." Clicking the "Stake" button in this application will prompt a transaction, which, if approved, will empty the user's wallet.

What remedies does the Ethereum Foundation have?

After discovering these malicious emails, the Ethereum Foundation quickly blocked the attacker from sending more emails, closed the exploited access path, and notified blacklists, Web3 wallet providers, and cloud service provider Cloudflare so that users would be warned about the phishing website.

Further investigation revealed that the attacker uploaded a repository of new email addresses that were not part of the Ethereum Foundation’s original subscription list. This means that certain individuals who were not subscribed to updates from the Ethereum Foundation also received the scam email. Additionally, the attackers stole the Ethereum Foundation’s mailing list, which contained 3,759 email addresses, including 81 new addresses that were previously unknown to the attackers.

No financial loss

Despite the massive phishing attack, the Ethereum Foundation said no cryptocurrency was lost. On-chain transaction analysis shows that no funds were lost during the event.

Phishing scams are all too common, and on-chain wallets can be emptied as soon as they are connected

In its April phishing attack report, the security tool ScamSniffer stated that there were 34,619 victims and $38.63 million in phishing losses in April. ScamSniffer says that up to 88% of stolen assets are ERC20 tokens. Most of the thefts were caused by phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2, resulting in significant losses.
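The signature types named above can be recognised before a wallet user approves them. The following is an added example, not code from the article or from ScamSniffer: it reviews one wallet JSON-RPC request and flags calls or EIP-712 signatures that grant token spending rights. The function name `review_request`, the `trusted` allow-list, the "unlimited" threshold and the sample addresses are assumptions made for illustration.

```python
import json

# 4-byte selectors of token calls that hand spending rights to another address.
GRANT_SELECTORS = {
    "095ea7b3": "approve",
    "39509351": "increaseAllowance",
    "a22cb465": "setApprovalForAll",
}
# EIP-712 primaryType values used by EIP-2612 Permit and Uniswap Permit2.
PERMIT_TYPES = {"Permit", "PermitSingle", "PermitBatch",
                "PermitTransferFrom", "PermitBatchTransferFrom"}


def review_request(method, params, trusted=frozenset()):
    """Return warnings for one wallet request (empty list = nothing flagged)."""
    if method == "eth_sendTransaction":
        data = params[0].get("data", "0x")[2:].lower()
        name = GRANT_SELECTORS.get(data[:8])
        if name is None or len(data) < 8 + 128:
            return []
        spender = "0x" + data[32:72]       # low 20 bytes of the first argument
        value = int(data[72:136], 16)      # second argument: amount or bool
    elif method == "eth_signTypedData_v4":
        typed = params[1] if isinstance(params[1], dict) else json.loads(params[1])
        name = typed.get("primaryType")
        if name not in PERMIT_TYPES:
            return []
        spender = str(typed["message"].get("spender", "unknown")).lower()
        value = None                       # off-chain signature, nothing on-chain yet
    else:
        return []
    if spender in trusted or value == 0:   # value 0 revokes rather than grants
        return []
    warnings = [f"{name} grants token spending rights to {spender}"]
    if value is not None and value >= 2**255:   # assumed "unlimited" threshold
        warnings.append("amount is effectively unlimited")
    if value is None:
        warnings.append("off-chain signature: the spender can submit it later")
    return warnings


# Constructed sample requests (all addresses are made up).
SPENDER = "0x" + "11" * 20
SAMPLE_TX = {"to": "0x" + "22" * 20,
             "data": "0x39509351" + "00" * 12 + "11" * 20 + "ff" * 32}
SAMPLE_PERMIT = json.dumps({
    "primaryType": "Permit",
    "domain": {"verifyingContract": "0x" + "22" * 20},
    "message": {"owner": "0x" + "33" * 20, "spender": SPENDER,
                "value": str(2**256 - 1), "nonce": 0, "deadline": 2**32}})
```

A wallet or browser extension would run a check like this on every request a site sends and show the warnings before the confirmation dialog.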


This article, "The Ethereum Foundation email account was hacked, promoting Lido pledge phishing scam", first appeared on Chain News ABMedia.