Wednesday, December 11, 2024
banner


On 2024-06-23, 00:19 AM UTC, a phishing email was sent to 35,794 email addresses by

Updates@blog.ethereum.org With the following content:

Users who clicked the link in the email were directed to a malicious website:

This site had a cryptocurrency draining program running in the background, and if the user started their wallet and signed the transaction requested by their website, their wallet would be drained.

Our internal security team immediately launched an investigation to help determine who launched the attack, what the target of the attack was, when it happened, who was affected, and how it happened.

Among the initial measures taken:

  • The threat actor has been blocked from sending further emails.
  • Notifications were sent via Twitter and email not to click on the link in question.
  • The malicious access path used by the threat actor to gain access to the mailing list provider has been closed.
  • The malicious link was sent to various blacklists and was subsequently blocked by the majority of web3 wallet providers and cloudflare.

Our investigation into the attack revealed the following:

  • The perpetrator imported his own large email list into a mailing list platform to use in the phishing campaign.
  • The threat actor exported the email addresses of the blog’s email list, which totaled 3,759 email addresses.
  • When we compared the emails in the email list imported by the threat actor, we saw that the blog mailing list contained 81 email addresses that the threat actor was not previously aware of, and the rest were duplicates.
  • Analysis of the on-chain transactions conducted by the threat actor between the time the email campaign was sent and the time the malicious domain was blocked appears to show that no victims lost money during this particular campaign sent by the threat actor.

As we continue to work on this incident, we have taken additional measures, such as moving some mail services to other providers, to further help reduce the risk of this happening again.

We deeply regret this incident, and are working diligently with our internal security team as well as external security teams to further assist in addressing and investigating this incident.

Any questions can be directed to:

security@ethereum.org.

banner
crypto & nft lover

Johnathan DoeCoin

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar.

Follow Me

Top Selling Multipurpose WP Theme

Newsletter

banner

Leave a Comment

crypto & nft lover

John DoeCoin

Learn all about cryptocurrency and NFT, we publish news and interesting fauths from the world of crypto.

@2022 u2013 All Right Reserved. Designed and Developed by Evegal.com