Email service provider MailerLite targeted in phishing attack
Email service provider MailerLite fell victim to a phishing attack that specifically targeted the crypto market. The attack occurred when a support team member clicked on a deceptive link, entered their Google credentials, and confirmed the second-factor challenge, giving hackers unauthorized access to MailerLite’s internal system.
The perpetrators then executed a password reset for a specific user on the admin panel, granting them further control. They were able to impersonate user accounts, focusing exclusively on cryptocurrency-related accounts. In total, 117 accounts were accessed by the hackers.
Affected accounts included CoinTelegraph, Wallet Connect, Token Terminal, De.Fi, and Decrypt. The hackers were able to steal over $580,000 by disguising their malicious links as legitimate MailerLite templates.
Blockaid estimates over $600,000 stolen
Web3 security firm Blockaid reported that the total amount stolen exceeded $600,000. However, blockchain analytics platform Nansen revised this figure to $3.3 million with some caveats.
According to Nansen, approximately $3.3 million was funneled into the main phishing wallet address. However, $2.6 million of that amount is in XBANKING tokens, which are less liquid and could be challenging to convert. Without considering XBANKING tokens, the total inflows amount to around $700,000.
MailerLite resolves the issue and pledges improved security
Upon discovering the incident, MailerLite promptly resolved the issue and terminated the access method used by the perpetrators. The company confirmed that the breach has been fully stopped.
MailerLite continues to monitor the situation and plans to make necessary changes to internal processes. This includes addressing any employees who did not adhere to security protocols and implementing improved security training.
Hot Take: MailerLite phishing attack highlights the importance of cybersecurity
The recent phishing attack on MailerLite serves as a reminder of the critical need for robust cybersecurity measures in the crypto industry. Hackers are continuously evolving their tactics to target valuable cryptocurrency assets, making it essential for companies and individuals to stay vigilant and adopt best practices.
Phishing attacks can have severe financial consequences, as evidenced by the significant sums stolen in this incident. It is crucial for organizations to prioritize employee education and implement stringent security protocols to prevent unauthorized access to sensitive information. By staying proactive and investing in cybersecurity measures, the crypto community can better protect itself against potential threats.