$600K Lost from Ignoring Phishing Attack on Crypto Wallets


A Massive Phishing Campaign

If you are a user of WalletConnect, CoinTelegraph, Token Terminal, or De.Fi, you need to be aware of a massive phishing campaign that is targeting crypto wallets. WalletConnect recently notified its community about an unauthorized email sent from a WalletConnect-linked email address. The email contained a link to claim an airdrop, but the link led to a malicious site. The email was not issued by the WalletConnect team or anyone affiliated with it. Blockaid, a web3 security and privacy firm, was contacted to investigate the phishing scam further.

Widespread Compromise

It turns out that the phishing campaign is more extensive than initially thought. Other web3 companies like CoinTelegraph, Token Terminal, and De.Fi also had their emails compromised. This indicates that the attackers are sophisticated and have targeted multiple platforms. At the time of the alert, around $580K had already been stolen from unsuspecting users.

Exploiting Email Service Provider Vulnerability

The attackers were able to impersonate web3 companies by leveraging a vulnerability in the email service provider MailerLite. They used “dangling DNS” records associated with MailerLite that remained active even after the associated accounts had been closed. This allowed them to claim and impersonate these accounts, sending convincing emails that contained malicious links.
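
For domain owners, the defensive counterpart is to audit their own zone for records that still delegate to an email provider they no longer hold an account with. The sketch below is an added example, not code from the article, MailerLite, or any of the affected companies. Every hostname in it is a constructed placeholder, and the `ACTIVE_PROVIDERS` inventory is an assumed input that each organisation would maintain itself.

```python
import re

# Constructed zone export as (name, type, value); all hostnames are placeholders.
ZONE = [
    ("news.example.org", "CNAME", "custom.esp-old.example."),
    ("k1._domainkey.example.org", "CNAME", "dkim.esp-old.example."),
    ("example.org", "TXT",
     "v=spf1 include:_spf.esp-old.example include:_spf.esp-live.example ~all"),
    ("mail.example.org", "CNAME", "custom.esp-live.example."),
    ("www.example.org", "A", "192.0.2.10"),
    ("example.org", "MX", "10 mx.esp-live.example."),
]

# Assumption: provider domains where the organisation still holds an account.
ACTIVE_PROVIDERS = {"esp-live.example"}
# Domains the organisation controls itself; targets under these are not external.
OWN_DOMAINS = {"example.org"}


def _under(host, domains):
    """Return the domain in `domains` that `host` equals or sits under, else None."""
    host = host.rstrip(".").lower()
    return next((d for d in domains if host == d or host.endswith("." + d)), None)


def external_targets(rtype, value):
    """Yield the hostnames a record hands traffic or sending rights to."""
    if rtype in ("CNAME", "NS"):
        yield value
    elif rtype == "MX":
        yield value.split()[-1]          # drop the preference number
    elif rtype == "TXT" and value.lower().startswith("v=spf1"):
        for m in re.finditer(r"(?:include:|redirect=)(\S+)", value, re.I):
            yield m.group(1)


def find_dangling(zone, active, own):
    """List (name, type, target) for records pointing at providers with no active account."""
    findings = []
    for name, rtype, value in zone:
        for target in external_targets(rtype, value):
            if _under(target, own) or _under(target, active):
                continue
            findings.append((name, rtype, target.rstrip(".").lower()))
    return findings


if __name__ == "__main__":
    for finding in find_dangling(ZONE, ACTIVE_PROVIDERS, OWN_DOMAINS):
        print("review or remove:", finding)
```

Each finding is a record to delete or re-point before the provider account is closed; the custom-domain CNAME, the DKIM selector and the SPF `include` all have to go, since any one of them left behind lets mail sent through a re-claimed account look legitimate.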

Security Breach Explanation

MailerLite later explained that their investigation revealed that a member of their customer support team inadvertently became the initial point of compromise. The team member clicked on an image linked to a fraudulent Google sign-in page and entered their credentials there. This granted access to the attackers who then penetrated MailerLite’s internal admin panel. They reset passwords and gained unauthorized control over 117 accounts, specifically targeting cryptocurrency-related accounts for the phishing campaign.

Analyzing the Attack

An anonymous Reddit user analyzed the situation and discovered that one victim lost approximately 2.64M worth of XB Tokens. The phishing wallet received about 2.7M, while 518.75K went to another address. The majority of stolen funds were in the first phishing address. Additionally, around $520,000 worth of ETH was sent to privacy protocol Railgun, with suspicions that it will soon be moved through another mixer or exchange.

Hot Take: Protect Yourself from Phishing Scams

Phishing scams continue to pose a significant threat in the crypto space. To protect yourself, always be cautious when clicking on links or opening emails, especially if they come from unofficial sources. Verify the authenticity of emails and links before taking any action. Enable two-factor authentication whenever possible and use hardware wallets for an extra layer of security. Stay informed about the latest phishing techniques and remain vigilant to ensure the safety of your crypto assets.
