Ethereum Foundation Reports Phishing Incident Affecting Mailing List
The Ethereum Foundation has reported a significant phishing incident that compromised its mailing list. According to the Ethereum Foundation Blog , the attack occurred on June 23, 2024, at 00:19 AM UTC. A phishing email was sent to 35,794 email addresses from the email address updates@blog.ethereum.org.
Details of the Phishing Attack
The phishing email directed recipients to a malicious website designed to drain cryptocurrency wallets. Users who clicked the link and signed the transaction on the site had their wallets compromised. The Ethereum Foundation's internal security team promptly initiated an investigation to identify the attacker, understand the attack's objectives, and assess the impact.
Immediate Security Measures
In response to the attack, the Ethereum Foundation took several immediate actions:
- Blocked the attacker from sending further emails.
- Issued warnings via Twitter and email advising users not to click the phishing link.
- Closed the access path exploited by the attacker to breach the mailing list provider.
- Submitted the malicious link to various blacklists, resulting in its blockage by most web3 wallet providers and Cloudflare.
Investigation Findings
The investigation revealed that the attacker had imported a large email list into the mailing platform for the phishing campaign. Additionally, the attacker exported 3,759 email addresses from the Ethereum blog mailing list. A comparison of the imported and exported lists indicated that 81 email addresses were previously unknown to the attacker, while the rest were duplicates.
On-chain transaction analysis showed no funds were lost during this specific phishing campaign. The Ethereum Foundation has since migrated some mail services to other providers to mitigate future risks.
Ongoing Efforts
The Ethereum Foundation expressed regret over the incident and emphasized its commitment to working with internal and external security teams to further investigate and address the breach. Users with questions are encouraged to contact the foundation at security@ethereum.org .
Image source: ShutterstockDisclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Donald Trump's Son Eric Trump's Elon Musk Tactic! "After Ethereum, Bitcoin (BTC) Sharing Has Come Too!"
Eric Trump said that now is a good time to accumulate Bitcoin after Ethereum.
JPMorgan's Huge Cryptocurrency Survey! What Do Investors Think About Bitcoin (BTC) and Altcoins?
According to JPMorgan survey results, 71% of institutional investors stated that they do not plan to trade cryptocurrencies in 2025.
Why Ethereum (ETH) Cannot Rise? JPMorgan Analysts Explained, Warned for What Happened After!
JPMorgan warns that Ethereum could continue its poor performance.
SEC weighs proposal to change BlackRock's spot Bitcoin ETF to allow in-kind redemptions
The SEC asked for comments to be sent in 21 days after its filing is published in the Federal Register.Over a year ago when the SEC was considering whether to approve spot Bitcoin ETFs, firms were hashing out technical details over how the redemption process should work settling on cash, not in-kind.
Trending news
MoreCrypto prices
More
