[ad_1]
On 2024-06-23, 00:19 AM UTC, a phishing electronic mail was despatched out to 35,794 electronic mail addresses by updates@weblog.ethereum.org with the next content material
Customers who clicked the hyperlink within the electronic mail had been despatched to a malicious web site:
This web site had a crypto drainer working within the background, and if a person initiated their pockets and signed the transaction requested by their web site their pockets would have been drained.
Our inside safety group instantly launched an investigation to assist decide who launched the assault, what the purpose of the assault was, when it occurred, who was affected, and the way it occurred.
Among the intial actions taken had been:
- Prevented the menace actor from sending further emails.
- Despatched out notifications through twitter and electronic mail to not click on the hyperlink in query.
- Closed down the malicious entry path the menace actor had used to acquire entry into the mailing record supplier.
- Submitted the malicious hyperlink to numerous blacklists, and it was then blocked by majority of web3 pockets suppliers and cloudflare.
Our investigation into the assault confirmed that:
- The menace actor imported a big electronic mail record of their very own into the mailing record platform for use for the phishing marketing campaign.
- The menace actor exported the weblog mailing record electronic mail addresses, which was a complete of 3759 electronic mail addresses.
- Once we in contrast the emails within the electronic mail record that the menace actor had imported, we might see that the weblog mailing record contained 81 electronic mail addresses that the menace actor didn’t beforehand have information of, and the remaining had been duplicate addresses.
- Analyzing on-chain transactions made to the menace actor between the time they despatched out the e-mail marketing campaign and the time the malicious area bought blocked, seem to point out that no victims misplaced funds throughout this particular marketing campaign despatched by the menace actor.
As we proceed engaged on this incident, now we have taken further measures akin to migrating some mail companies to different suppliers, to additional assist cut back the danger of this taking place once more.
We’re deeply sorry that this incident occurred, and are working diligently with each our inside safety group in addition to exterior safety groups to additional assist handle and examine this incident.
Any questions will be directed to safety@ethereum.org.
[ad_2]
