MailerLite Confirms $3.3M Phishing Scam Via Major Web3 Firms' Infiltration
Summary:
Email marketing company MailerLite has confirmed a breach where hackers accessed major Web3 accounts to conduct phishing scams, resulting in an estimated loss of $3.3 million. The compromised system was manipulated through a social engineering attack targeting a customer support representative, who granted the attackers access to MailerLite's admin panel. A total of 117 accounts were broken into, and sensitive client and subscriber data are at risk. The attackers used privacy protocol Railgun to obscure the transfer of stolen tokens.
Cybersecurity breach has been confirmed by MailerLite, an email marketing services provider, revealing that hackers infiltrated the accounts of prominent Web3 firms to execute phishing email frauds, resulting in an approximate loss of $3.3 million for their subscribers. On January 23, Cointelegraph and a few other Web3 companies were impacted by this cyber-attack, with the official accounts of WalletConnect, Token Terminal, and De.Fi being exploited to send malicious emails comprising of predatory links loaded with wallet-emptying software. In a detailed incident report provided by MailerLite, it was disclosed that the hackers manipulated a customer support representative, granting them control over the Web3 email addresses.
A few hours after the compromising emails had been dispatched to the subscribers, MailerLite disclosed how its system was subjected to a social engineering attack aimed at one of their customer support representatives. “During a customer service interaction on our customer service platform, the team member accessed an image that was falsely linked to a deceitful Google login page," noted the official statement. Unintentionally validating the access allowed the hackers to get hold of MailerLite’s internal admin panel. They further fortified their control by modifying a certain user’s password using the admin panel. “With such control, they succeeded in faking user accounts, focusing solely on those linked with cryptocurrencies.”
MailerLite stated that out of the 117 compromised accounts, just a few were exploited to launch the phishing attacks. The service provider also cautioned that their clients' and subscribers’ sensitive data, encompassing full names, email addresses, and additional personal details uploaded to MailerLite, are at risk. Despite being a primary target of the phishing email fraud, Cointelegraph, being unable to gather any additional insights about the phishing incident, is still awaiting response from MailerLite's support team.
Cointelegraph obtained assistance from blockchain analytics platform, Nansen, to evaluate the amount swindled by the cybercriminals. By tracking the token flows on Nansen-backed blockchains, the platform's research team established that the prime fraudulent wallet registered an inflow of $3.3 million. “Of the total, $2.6 million refers to XBANKING tokens, which appears to be exclusive to the LATOKEN exchange (via Coingecko) and seems less liquid. The value is 80% of its full diluted value, making it challenging to convert,” informed Nansen's team to Cointelegraph.
After excluding the XBANKING tokens from the total funds stolen, Nansen calculated the sum of stolen funds that can be conveniently converted, to be approximately $700,000. Simultaneously, the collective theft was estimated to be in the same range by an unidentified user on Reddit, based on a comprehensive thread. These findings also included XB tokens and were corroborated by Nansen.
Both Nansen and Reddit pointed out that the attackers used Railgun, a privacy protocol, to camouflage the transfer of stolen tokens. This system, a built-in privacy solution for Ethereum, BSC, Polygon, and Arbitrum, employs Zero-Knowledge (ZK) cryptography to privately leverage smart contracts and decentralized finance (DeFi) protocols.
Published At
1/24/2024 12:08:27 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.