Massive Phishing Attack on Web3 Protocols Leads to Over $580,000 Crypto Loss

Algoine News
Summary:
On January 23rd, users of several Web3 protocols were targeted in a wide-scale phishing attack, resulting in the loss of over $580,000 in cryptocurrency. The attack involved fraudulent emails originating from official addresses of various Web3 protocols, including WalletConnect and Cointelegraph. Security firms, like Hudson Rock, discovered malware on a computer belonging to an employee of MailerLite, the email service provider used by these protocols, which may have facilitated the attack. Investigations remain ongoing to determine the full extent and cause of the breach.
On January 23rd, a large-scale phishing campaign hit users across several Web3 protocols, resulting in a loss of over $580,000 in cryptocurrency holdings. The attack involved fraudulent emails originating from authentic email addresses belonging to Web3 protocols such as WalletConnect, Token Terminal, Social.Fi, De.Fi, and even the well-known Cointelegraph. Below is the order of events:

At 10:03 am UTC, WalletConnect issued a warning stating that its users had been the targets of deceptive emails. These emails, seemingly sent from an authentic WalletConnect email address, asked recipients to click a link to receive an airdrop. WalletConnect confirmed that neither it nor its affiliates had sent the email and identified the included link as potentially harmful. It is currently working with Blockaid, a blockchain security firm, to figure out how the attacker accessed its email domain.

At 10:11 am UTC, Cointelegraph notified its subscribers via Telegram about fraudulent emails being disseminated from its verified email address. Members of the Cointelegraph team also noted receiving the same predatory email, which claimed to offer a "10th Anniversary Web3 Exclusive Airdrop" but actually led to a harmful Web3 protocol. The company's IT department immediately launched an investigation and contacted its email provider, MailerLite, seeking a resolution. Eventually, the IT team successfully blocked the damaging links from being further distributed. Cointelegraph advised its subscribers across different social media platforms not to engage with these phoney airdrop emails.

Around 11 am, Cointelegraph became aware of WalletConnect's warning and initiated an independent investigation. Soon after, ZachXBT reported on Telegram that the phishing attack was orchestrated using "CoinTelegraph, WalletConnect, Token Terminal, and De.Fi."

At 11:41 am, Cointelegraph officially reported the hack.

By noon, an extensive report was published concerning the phishing campaign, revealing that at least five different websites were compromised, resulting in more than $580,000 worth of crypto assets being stolen.

At 1:34 pm, Hudson Rock, a cybersecurity firm, issued a report offering an interesting possibility. It indicated that malware was found on a computer belonging to an employee of MailerLite, the very same email provider used by the compromised websites. This malware could have enabled the attacker to infiltrate MailerLite's servers, which would explain the extensive phishing campaign. According to Hudson Rock's report, its researchers found that the infected computer had access to sensitive URLs within MailerLite and its third-party affiliates. The computer held authentic cookies for Slack.com and Office365, which could be exploited for session hijacking to obtain sensitive information. The computer was allegedly compromised while trying to execute corrupted software. While Hudson Rock cautioned that this evidence doesn't definitively prove the phishing campaign was a result of this malware, it does highlight the potential risk any single "infostealer" infection can pose.

At 4:55 pm, Blockaid revealed its investigation's conclusions. It stated that the attacker successfully exploited a weakness in the MailerLite email service to impersonate multiple Web3 firms, resulting in the drain of over $600k in assets.

Finally, it must be noted that MailerLite has confirmed that an internal investigation is ongoing. As of publication time, its definitive report had still not been submitted.

Published At: 1/23/2024 10:01:33 PM
