Ethereum Foundation email account hacked, promoting Lido staking phishing scam


The Ethereum Foundation (EF) had its "Update" email account hacked on June 23, and the account was used to distribute phishing emails promoting fake Lido staking opportunities. The foundation later recovered the compromised account, but the incident further underscores how serious the phishing-link problem is in the blockchain space.

Foundation's Response to Hacker Attack

According to an article released by the Ethereum Foundation on July 2nd, the compromised email account sent out 35,794 phishing emails to subscribers and other individuals. These emails appeared to come from the official [email protected] address, causing confusion among recipients.

Phishing email from the Ethereum Foundation

Ethereum core developers had confirmed the attack a week prior:

Details of the Phishing Scam

The phishing email falsely claimed that the Ethereum Foundation had partnered with LidoDAO to offer a 6.8% return on Ether (ETH), wrapped Ether (WETH), or staked Ether (stETH). The email stated that the staking process was "protected and verified by the Ethereum Foundation."

Victims were lured into clicking the "Start Staking" button, which redirected them to a malicious web application disguised as a "Staking Activation Platform." Clicking the "Stake" button in this application would prompt a transaction which, if approved, would empty the user's wallet.

What Remedial Measures Did the Ethereum Foundation Take?

Upon discovering these malicious emails, the Ethereum Foundation swiftly blocked the attackers from sending further emails, closed off the access path they had exploited, and alerted blacklists, Web3 wallet providers, and cloud service provider Cloudflare so that users would be warned about the phishing site.

Further investigation revealed that the attackers uploaded a database containing new email addresses that were not part of the Ethereum Foundation's original subscription list. This indicated that some individuals who had not subscribed to Ethereum Foundation updates also received the phishing email. Additionally, the attackers stole the Ethereum Foundation's email list, which included 3,759 email addresses, with 81 of these being new addresses previously unknown to the attackers.

No Financial Losses Incurred

Despite the large-scale phishing attack, the Ethereum Foundation stated that no cryptocurrency losses occurred. On-chain transaction analysis showed no funds were lost during the activity.

Phishing Scams Rampant, Online Wallets at Risk

Cybersecurity software ScamSniffer reported in April on phishing attacks, counting 34,619 victims and $38.63 million in losses. ScamSniffer noted that up to 88% of stolen assets were ERC20 tokens, largely as a result of phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2.
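
The approval-type requests named above (Permit, IncreaseAllowance, Uniswap Permit2) can be recognised before a user signs. The following JavaScript is an added example, not code from the article, the Ethereum Foundation or ScamSniffer; the function names and sample requests are constructed for illustration, and it also covers approve and setApprovalForAll, which the article does not list.

```javascript
// Added example: flag wallet requests that hand token spending rights to a third party.
// Keys are 4-byte function selectors; spender/value are ABI word positions in the calldata.
const APPROVAL_CALLS = new Map([
  ["0x095ea7b3", { name: "approve", spender: 0, value: 1 }],
  ["0x39509351", { name: "increaseAllowance", spender: 0, value: 1 }],
  ["0xd505accf", { name: "permit", spender: 1, value: 2 }],
  ["0xa22cb465", { name: "setApprovalForAll", spender: 0, value: 1 }],
]);
// EIP-712 primaryType values used by EIP-2612 Permit and Uniswap Permit2 messages.
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Return the 32-byte ABI word at `index` after the selector, or null if missing/invalid.
function word(data, index) {
  const hex = data.slice(10 + index * 64, 10 + (index + 1) * 64);
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// Inspect the calldata of a transaction request (eth_sendTransaction).
function checkTransaction(tx) {
  const data = String((tx && tx.data) || "0x").toLowerCase();
  const call = APPROVAL_CALLS.get(data.slice(0, 10));
  if (!call) return { risky: false };
  const spender = word(data, call.spender);
  const value = word(data, call.value);
  // Truncated or non-hex arguments: flag rather than guess.
  if (!spender || !value) return { risky: true, call: call.name, malformed: true };
  const amount = BigInt("0x" + value);
  if (amount === 0n) return { risky: false, call: call.name }; // zero/false = revocation
  return { risky: true, call: call.name, spender: "0x" + spender.slice(24),
    unlimited: amount === MAX_UINT256 };
}

// Inspect an off-chain typed-data signing request (eth_signTypedData_v4).
function checkTypedData(typed) {
  if (!typed || !PERMIT_TYPES.has(typed.primaryType)) return { risky: false };
  const spender = (typed.message && typed.message.spender) || null;
  return { risky: true, call: typed.primaryType, spender, offchain: true };
}

// Constructed sample requests; the spender is a placeholder address.
const SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const SAMPLE_APPROVE = { data: "0x095ea7b3" + SPENDER_WORD + "f".repeat(64) };
const SAMPLE_TRANSFER = { data: "0xa9059cbb" + SPENDER_WORD + "0".repeat(63) + "1" };
const SAMPLE_PERMIT2 = { primaryType: "PermitSingle",
  message: { spender: "0x" + "11".repeat(20) } };
console.log(checkTransaction(SAMPLE_APPROVE), checkTransaction(SAMPLE_TRANSFER),
  checkTypedData(SAMPLE_PERMIT2));
```

A flagged request is not necessarily malicious, since legitimate applications also ask for approvals; the check only surfaces that a spender is being granted rights so the address can be verified before signing.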
