Wallet verification link cannot be clicked? ZachXBT: Official emails of multiple crypto teams hacked, with over 600,000 pounds stolen
Blockchain detective ZachXBT issued a warning yesterday, the 23rd, stating that the official email accounts of multiple cryptocurrency media outlets and projects, including Cointelegraph and Wallet Connect, have been hacked. Phishing emails containing verification requests or activity links are being sent to users, resulting in over $600,000 in losses in just a few days.
Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.
~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7 pic.twitter.com/XoN65HxOYh
— ZachXBT (@zachxbt) January 23, 2024
Popular Crypto Media and Wallet Providers' Emails Compromised
ZachXBT's tweet claims that the official email accounts of many prominent crypto media outlets, projects, and wallet providers appear to have been compromised and used to send emails containing phishing links to registered or subscribed users. The cause appears to be a cybersecurity incident involving the email service provider MailerLite on the same day:
Affected teams include CoinTelegraph, Wallet Connect, Token Terminal, and De.Fi, among others.
Additionally, "the total stolen assets value has reached around $580,000 so far."
It is understood that the perpetrators used the official email templates and attached malicious links under pretexts such as "inviting users to join the 10th-anniversary project" or "requesting email verification" to lure victims into clicking, and then stole their funds.
Commenters also noted that users should pay attention to the links inside official emails from Trust Wallet, Binance Help, OpenSea, Patreon, and X (Twitter), as they may also pose phishing risks.
ZachXBT also provided the perpetrators' wallet address. Its balance increased from $3,450 to a staggering $2.716 million within 10 days, including incoming transfers, with more thefts occurring within a day.
Main Culprit: MailerLite?
The above attacks allegedly stem from a major privacy breach involving the email marketing service provider MailerLite.
The latest tweet from the cybersecurity team Blockaid connects the two incidents, indicating that attackers exploited vulnerabilities in the email marketing service provider MailerLite, broke in, and obtained the official email accounts of over a hundred companies in order to impersonate web3 companies and steal over $600,000.
Today, Blockaid researchers discovered a phishing attack where an attacker was able to leverage a vulnerability in email service provider Mailer Lite to impersonate web3 companies, draining $600k+. Blockaid instantly protected millions of users and was able to safeguard $2.7M. pic.twitter.com/SvGMdB4vNZ
— Blockaid (@blockaid_) January 23, 2024
MailerLite also acknowledged this in a statement, confirming unauthorized access to internal management content after a business support manager clicked on a deceptive link yesterday morning, which allowed hackers to enter MailerLite's internal systems.
It is reported that the data breach incident involved a total of 117 accounts, with a few used for phishing attacks against crypto wallets:
Upon detecting the attack, MailerLite quickly identified and resolved the issue, halting further control by the attackers; the company has confirmed the attack.
Additionally, "we reported this cybersecurity incident to the Irish Data Protection Authority within 8 hours and informed the primary contacts of all affected accounts to provide them with the next steps to secure their accounts. We will also enhance security training and adjust internal operational processes."