Channel: Cyber agencies urge organizations to collaborate to stop fast flux DNS attacks | CSO Online

Over 35,000 Ether subscribers targeted in a crypto-draining campaign


A huge number of Ether (ETH) investors were targeted in a phishing campaign directing users to a crypto-draining site, the cryptocurrency issuing company Ethereum said in a blog post.

The threat actor used an email address list of their own, combined with one exported from the company’s blog mailing list, to send fabricated offers to users.

“On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org,” Ethereum said. “The threat actor exported the blog mailing list email addresses, which was a total of 3759 email addresses.”

After comparing the two lists, the company said it found 81 email addresses in the exported mailing list that were not part of the threat actor’s own list.

Phished to a crypto drainer

The phishing emails posed as an announcement claiming that the Ethereum Foundation had teamed up with the Lido decentralized autonomous organization (LidoDAO) to provide a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits. The message assured subscribers that the staking would be “Protected and Verified by The Ethereum Foundation.”

“This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained,” the open-source blockchain platform said in the blog.

The company said an analysis of on-chain transactions involving the threat actor showed that no investors lost funds in the campaign. The malicious website link has been submitted to various blacklists, leading to its blocking by a majority of web3 wallet providers and Cloudflare.

Additionally, the threat actor was prevented from sending additional emails and users have been warned through tweets and emails not to click on the suspicious links.

Crypto theft on the rise

A considerable increase in crypto theft has been observed in the last few years because of crypto’s growing popularity and vulnerabilities in the underlying technology. In one of the biggest heists of this year, hackers breached the crypto gaming platform PlayDapp, stealing PLA tokens worth $290 million.

Earlier this year, the Singapore police department warned users of a series of crypto-draining campaigns that used a drainer-as-a-service (DaaS) software kit to steal from at least 6200 users in a single month. Additionally, a recent study revealed threat actors compromised over 2,000 WordPress sites, turning them into crypto-draining portals.

Ethereum has started an investigation into the incident to determine further details of the attack. “As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again,” the company said.

