Monday, July 22, 2024

Hackers Compromised Ethereum’s Mailing List to Drain Their Crypto Funds

In a recent cyberattack, hackers successfully compromised Ethereum’s mailing list, attempting to drain users’ crypto funds through a sophisticated phishing campaign.

The breach has raised significant concerns within the cryptocurrency community, prompting immediate action from Ethereum’s internal security team.

A phishing email was sent out to 35,794 email addresses by with the following content
A phishing email was sent out to 35,794 email addresses by [email protected] with the following content

The Attack Unfolds

The attack was executed through a malicious website that ran a crypto drainer in the background.

Users who initiated their wallets and signed the transaction requested by the website found their wallets drained of funds.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

The attackers managed to import a large email list into Ethereum’s mailing list platform and used it to launch the phishing campaign.

Ethereum’s internal security team quickly identified the breach and launched an investigation to determine the scope and impact of the attack.

Initial findings revealed that the threat actor had exported 3,759 email addresses from the blog mailing list, including 81 addresses previously unknown to the attacker.

Immediate Response and Mitigation

Upon discovering the breach, Ethereum’s security team swiftly mitigated the damage and prevented further attacks.

The initial steps included:

  • Preventing Further Emails: The threat actor was blocked from sending additional emails through the compromised mailing list.
  • Public Notifications: Notifications were sent out via Twitter and email, warning users not to click on the malicious link.
  • Closing Access Paths: The malicious access path used by the threat actor to gain entry into the mailing list provider was shut down.
  • Blacklisting Malicious Links: The malicious link was submitted to various blacklists and subsequently blocked by the majority of web3 wallet providers and Cloudflare.

Despite the severity of the breach, Ethereum’s investigation showed that no victims lost funds during this campaign.

On-chain transaction analysis indicated that the malicious domain was blocked before significant damage occurred.

Ongoing Investigation and Future Measures

As the investigation continues, Ethereum has taken additional measures to enhance security and prevent future incidents.

These steps include migrating mail services to other providers to reduce the risk of similar attacks.

The company is also working closely with external security teams to further address and investigate the incident.

In a statement, Ethereum expressed deep regret over the incident and reassured users that they are working diligently to resolve the issue.

“We are deeply sorry that this incident occurred,” the statement read.

“We are working diligently with both our internal security team as well as external security teams to help address further and investigate this incident.”

The attack on Ethereum’s mailing list highlights the ongoing challenges and vulnerabilities in the cryptocurrency space.

As digital assets grow in popularity, the need for robust security measures becomes increasingly critical.

Ethereum’s swift response and transparency in handling the breach serve as a reminder of the importance of vigilance and proactive security practices in the ever-evolving world of cryptocurrencies.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo


Latest articles

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....

Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack

Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such...

Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed

Daikin, the world's largest air conditioner manufacturer, has become the latest target of the...

Emojis Are To Express Emotions, But CyberCriminals For Attacks

There are 3,664 emojis that can be used to express emotions, ideas, or objects...

Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre

SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024,...

Data Breach Increases by Over 1,000% Annually

The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support...

UK Police Arrested 17-year-old Boy Responsible for MGM Resorts Hack

UK police have arrested a 17-year-old boy from Walsall in connection with a notorious...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles