The Ethereum Foundation announced Tuesday that its email account used for updates was hacked on June 23 to promote a phishing scam. However, the foundation has since regained control of the account, putting an end to the distribution of malicious emails.
The blog post detailed how the phishing scam reached over 35,000 people, including subscribers, through the foundation’s official email address. It added that no cryptocurrency losses were identified, but that the email addresses of 81 subscribers might be compromised.
According to the blog, the phishing emails lured recipients with a fabricated partnership between the Ethereum Foundation and LidoDAO. This fake collaboration promised an attractive 6.8% annual return on staked cryptocurrency (Ether, Wrapped Ether, or staked Ether).
To add legitimacy, the scam claimed the staking process was “Protected and Verified by The Ethereum Foundation,” which was false.
.@ethereum Foundation email hacked to promote @LidoFinance staking phishing scam
The foundation’s investigation led to the conclusion that no victims lost cryptocurrency from the attack. https://t.co/WvkUZyxqDw
— ICO Drops (@ICODrops) July 3, 2024
The email included a malicious link. Clicking it alone would not have stolen the user’s crypto, but it would have secretly run a program in the background designed to drain their wallet. If they then connected their crypto wallet to the website and signed the requested transaction, thinking it was legitimate, their funds would have been stolen.
An investigation into the attack revealed that the attackers used a combination of their own email list and email addresses stolen from the Ethereum Foundation’s mailing list. The attackers managed to steal 81 email addresses that