MailerLite Cyber Attack: Authentic-Looking Crypto Phishing Emails Result in $580K Theft from Victims

A Phishing Attack on MailerLite Allows Hackers to Steal $600,000 in Crypto

A phishing attack targeted MailerLite, a crypto email provider, resulting in hackers impersonating major web3 companies and stealing over $600,000 by sending wallet-draining links to unsuspecting subscribers. The attack began when MailerLite employees fell victim to a phishing attack themselves.

TLDR

  • Hackers gained access to MailerLite’s system through a phishing attack on an employee
  • They accessed crypto-related accounts and impersonated legitimate companies
  • Phishing emails were sent from compromised accounts with links to wallet-draining malware
  • Major web3 companies like CoinTelegraph, WalletConnect, and De.Fi were affected
  • Over $600,000 in crypto funds were stolen through the phishing attack

The scheme started when a MailerLite customer support representative responded to what seemed like a genuine customer inquiry on January 23rd. However, the attached image contained a fake Google sign-in page used to obtain the employee’s credentials. With access to the internal admin panel, the attackers escalated their permissions by resetting a user’s password.

The hackers targeted cryptocurrency-related accounts connected to the mailing service and gained access to 117 accounts. While not all accounts were exploited, well-known web3 companies such as CoinTelegraph, WalletConnect, Token Terminal, and De.Fi had their accounts compromised.

With control of these accounts, the attackers crafted emails that appeared to be from legitimate companies. These emails urged subscribers to click on links that actually led to wallet-draining software designed to steal crypto funds.

By using familiar formatting from trusted sources, the phishing attempt successfully tricked many victims. Cybersecurity experts traced over $600,000 in stolen funds taken from users’ crypto wallets. Some of the funds were quickly passed through the privacy protocol Railgun to erase the money trail. However, blockchain analysis revealed that over $580,000 can be attributed to the MailerLite phishing scam.

The attack utilized a tactic called “dangling DNS,” which takes advantage of active DNS records even after customers close their MailerLite accounts. This vulnerability allowed the hackers to impersonate domains that had stopped using the mailing provider.
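A defender can check for this condition by comparing a zone's outbound delegations with the list of providers the organisation still has accounts with. The following is an added example, not code from MailerLite or from the original article; the zone contents, provider names and the `find_dangling` helper are constructed placeholders.

```python
import re

# Constructed zone export (name, type, value); every domain is a placeholder.
ZONE = """\
example.org.               TXT   "v=spf1 include:_spf.oldmailer.example include:_spf.currentmail.example ~all"
news.example.org.          CNAME track.oldmailer.example.
k1._domainkey.example.org. CNAME dkim.oldmailer.example.
shop.example.org.          CNAME stores.currentmail.example.
www.example.org.           A     192.0.2.10
"""

# Assumption: third-party services the organisation still holds an account with.
ACTIVE_PROVIDERS = {"currentmail.example"}
OWN_DOMAINS = {"example.org"}


def registrable(host):
    """Crude last-two-labels reduction; a real audit should use the Public Suffix List."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def external_targets(rtype, value):
    """Yield hostnames that a record delegates traffic or sending authority to."""
    if rtype in ("CNAME", "MX", "NS"):
        yield value.split()[-1]  # last field skips an MX priority
    elif rtype == "TXT" and "v=spf1" in value:
        yield from re.findall(r"(?:include:|redirect=)(\S+)", value.strip('"'))


def find_dangling(zone_text, active, own):
    """Return (name, type, target) for records pointing at a provider with no active account."""
    findings = []
    for line in zone_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        name, rtype, value = parts
        for target in external_targets(rtype.upper(), value):
            base = registrable(target)
            if base not in active and base not in own:
                findings.append((name.rstrip("."), rtype.upper(), target.rstrip(".")))
    return findings


if __name__ == "__main__":
    for name, rtype, target in find_dangling(ZONE, ACTIVE_PROVIDERS, OWN_DOMAINS):
        print(f"REVIEW {name} {rtype} -> {target} (no active account on record)")
```

Each finding is a record to remove or re-verify as part of closing a provider account, since it still hands that provider traffic or sending authority for the domain.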

MailerLite detected the suspicious activity and successfully halted the breach. However, more than 100 customer accounts were accessed during the incident, exposing personal information such as names, emails, and uploaded data.

MailerLite has stated that they are addressing security flaws and improving employee training to prevent similar attacks in the future.

Hot Take: Phishing Attack Exposes Vulnerabilities in Crypto Email Provider

The recent phishing attack on MailerLite highlights the importance of robust cybersecurity measures within the crypto industry. Hackers were able to exploit an employee’s credentials to gain access to crypto-related accounts and steal over $600,000 in funds. By impersonating well-known web3 companies, they successfully tricked unsuspecting subscribers into clicking on wallet-draining links.

This incident serves as a reminder for crypto users to remain vigilant against phishing attempts and to verify the authenticity of emails before taking any actions. It also underscores the need for companies like MailerLite to continuously improve their security protocols and provide thorough training for employees to prevent future attacks.
