Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails

A threat actor sent over 35,000 phishing emails after hacking into Ethereum Foundation’s account on a mailing list platform.

A threat actor hacked into Ethereum Foundation’s account on a mailing list platform and used it to send email phishing lures to more than 35,794 addresses.

The phishing emails, which came from the legitimate [email protected] email address, promoted a Lido scam and contained a link to a malicious site designed to drain the visitors’ wallets.

“This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained,” the Ethereum Foundation said in a notice.

According to the organization, the threat actor leveraged their access to the platform to export 3,759 email addresses representing the foundation blog’s mailing list and to import their own list of emails to be used in the phishing campaign.

The foundation says that 81 of the exported email addresses were not known to the threat actor, while the others were already in their data set.

“Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor,” the Ethereum Foundation said.

The organization said it took immediate steps to prevent the threat actor from sending additional emails, blocked the hackers’ access to the platform, sent notifications to alert users to not click on the malicious URL, and submitted the link to be blocked by web3 wallet providers and Cloudflare.

“As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again,” the Ethereum Foundation said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

