The Ethereum Foundation has disclosed that it has been able to regain control of the compromised email address.
The Ethereum Foundation (EF) has issued a security alert to its email subscribers of a recent phishing attack carried out by bad actors. This follows after hackers recently gained access to the organization’s official email account, using the same to send out scam messages that promoted a fake Lido staking program.
The Scam Email
The “updates@blog.ethereum.org” email address was compromised on June 23rd and was subsequently used to send scam emails to at least 35,794 recipients on the day. According to EF, the email deceptively announced that the organization had entered into a partnership with the Lido decentralized autonomous organization (LidoDAO). The partnership, as the scam email cited, was geared towards a supposed staking scheme that will see users earn a massive 6.8% yield on staked crypto (stETH, WETH, or ETH deposits).
The scam email also claimed that the “collaboration” would provide “deep liquidity and competitive rewards” alongside security. It noted that the staking service was “protected and verified” by the Ethereum Foundation.
A “Begin Staking” button was also attached to the email, designed to lead users to the realm of the unknown.
Ethereum Foundation Says Email Hack Damage Was ‘Minimal’
To perfect their scam plot, the attackers created a professional-looking website dubbed “Staking Launchpad”. This website awaited unsuspecting users who clicked the staking button. Anyone who managed to click the button contained in the email would have been redirected to the fake website, which had also been booby-trapped with a drainer that ran in the background. Upon clicking, users were prompted to approve a transaction in their crypto wallet. Whereas, granting such approval would have resulted in the complete removal of funds within their accounts.
On the bright side, though, the Ethereum Foundation has disclosed that it has been able to regain control of the compromised email address. That is before it caused widespread financial losses. Fortunately, investigations revealed that this particular attempt by attackers did not yield any tangible results for them. According to EF, the email hack did not result in any financial loss. However, it did expose the email addresses of 81 subscribers who were not part of the original mailing list.
Not leaving anything to chance, the Ethereum Foundation has taken proactive measures by contacting major wallet providers, blacklisting services, and DNS provider Cloudflare. This collaboration aims to warn users and prevent further exploitation through the fake website.
next