The Ethereum Foundation experienced a breach in its email account, which was used to promote a scam disguised as a Lido staking scheme. On June 23, the email account used for official updates was compromised, sending scam emails to 35,794 addresses.
The fraudulent emails claimed a partnership between the Ethereum Foundation and the Lido decentralized autonomous organization (LidoDAO). The email promised a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits.
“The collaboration harnesses the strengths of both organizations to deliver deep liquidity and competitive rewards, enhancing your staking experience with over 100+ integrations,”
The email further mentioned that the staking service would be “protected and verified” by the Ethereum Foundation. A “Begin Staking” button at the bottom redirected users to a malicious website created by the attackers.
Dubbed “Staking Launchpad,” this fake website was designed to look professional and allegedly had a crypto drainer running in the background. Users clicking on the “Stake” button were asked to approve a transaction in their wallet, resulting in all funds being drained from their account.
At the time of writing, the foundation stated it had regained control of the compromised email address. Their investigation revealed that no funds were lost during the attack.
“Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked appear to show that no victims lost funds during this specific campaign sent by the threat actor,”
The foundation also discovered that the hacker had uploaded a database containing email addresses not part of the Foundation’s subscribers list, leading to several non-subscribers receiving the scam email. The attacker exported a list of 3,759 email addresses, but only 81 were unique, with the rest being duplicates.
The foundation estimated that 81 subscribers were affected. They have reached out to several wallet providers, blacklists, and DNS provider Cloudflare to warn users about the malicious website.
The cryptocurrency industry frequently encounters phishing schemes via email. In early June, prominent crypto figures warned about a compromised email vendor sending scam emails promoting fake airdrops. Similar incidents have occurred, involving the email addresses of several crypto-related entities.