The Ethereum Foundation’s email account was hacked on June 23, leading to a phishing scam promoting fake Lido staking offers, according to a July 2 blog post from the foundation. The hacked account has since been recovered, and malicious emails are no longer being sent.
In the attack, 35,794 scam emails were dispatched from the official [email protected] address. While no cryptocurrency was lost, the email addresses of 81 subscribers were exposed to the attacker.
The fraudulent emails claimed a partnership between the Ethereum Foundation and LidoDAO, promising a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether deposits. Users who clicked the “Begin Staking” button were redirected to a fake web app that masqueraded as a “Staking Launchpad.” Approving the transaction from this app would have drained the user’s wallet.
Upon discovering the breach, the foundation blocked the attacker, closed the access path used for the hack, and sent warnings to blacklists, Web3 wallet providers, and Cloudflare to protect users from the malicious site.
The investigation revealed that the attacker had uploaded a database with new email addresses not initially part of the Ethereum Foundation’s list, suggesting that non-subscribers might have received the scam emails. Additionally, the attacker exported a list containing 3,759 email addresses from the blog’s mailing list.
Fortunately, the foundation’s analysis showed that no funds were lost during the campaign. Phishing remains a significant threat in the crypto world. Recent incidents include a MakerDAO member losing $11 million on June 23 due to fake web app interactions and a similar hack on Hadera Hashgraph’s marketing email on June 26.
Receive intel reports across 15+ web3 sectors daily –early access.