Coordinated Phishing Scam Targets Web3 Market, Resulting in $580K Loss

A coordinated phishing attack targeted the cryptocurrency market, resulting in losses exceeding $580,000.

On-chain sleuth ZachXBT says that unsuspecting users received emails impersonating web3 businesses such as Cointelegraph, Token Terminal, and WalletConnect.

Although the emails appeared to come from those companies’ official addresses, the “airdrop claim” links they contained led to websites that stole users’ money.

The excerpts from ZachXBT’s post demonstrated how hackers replicated the companies’ original mail templates using highly skilled methods.

ZachXBT also reported the address to which the stolen funds were moved.

MailerLite is hacked

A subsequent investigation by web3 security company Blockaid showed that a compromise of email service provider MailerLite was the primary cause of the problem.

Hackers were able to gain unauthorized access to MailerLite’s system due to a vulnerability. They then assumed the identities of well-known cryptocurrency-related businesses.

According to Blockaid, the attackers took advantage of the fact that MailerLite had previously been permitted to send emails on behalf of these sites’ domains, which let them craft emails that appeared to come from these organizations.
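A domain owner can check which third parties still hold that kind of sending permission. The following is an added example, not code from the article, Blockaid or MailerLite; it assumes the permission is expressed as SPF `include:` entries (the article does not name the mechanism), and the zone data, domain names and function names are all constructed placeholders.

```python
# Constructed TXT records standing in for DNS answers; every name is a placeholder.
ZONE = {
    "brand.example": "v=spf1 include:_spf.mail-host.example "
                     "include:spf.esp-vendor.example ip4:203.0.113.10 -all",
    "_spf.mail-host.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "spf.esp-vendor.example": "v=spf1 ip4:192.0.2.0/24 "
                              "include:relay.esp-vendor.example ~all",
    "relay.esp-vendor.example": "v=spf1 ip4:203.0.113.128/25 ~all",
}

def parse_spf(record):
    """Split an SPF record into include/redirect targets and literal IP ranges."""
    includes, ranges = [], []
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return includes, ranges
    for term in terms[1:]:
        term = term.lstrip("+-~?")  # drop the pass/fail qualifier
        key, _, value = term.partition(":")
        if key == "include" and value:
            includes.append(value)
        elif key in ("ip4", "ip6") and value:
            ranges.append(value)
        elif term.startswith("redirect="):
            includes.append(term[len("redirect="):])
    return includes, ranges

def authorized_ranges(name, zone, seen=None):
    """Every IP range `name` authorizes, following nested includes (loop-safe)."""
    seen = set() if seen is None else seen
    if name in seen or name not in zone:
        return []
    seen.add(name)
    includes, ranges = parse_spf(zone[name])
    for target in includes:
        ranges += authorized_ranges(target, zone, seen)
    return ranges

def audit(domain, zone, approved):
    """Map each third party delegated by `domain` to its approval status and reach."""
    includes, _ = parse_spf(zone.get(domain, ""))
    return {t: {"approved": t in approved, "ranges": authorized_ranges(t, zone)}
            for t in includes}

def stale_delegations(domain, zone, approved):
    # Delegations still published in DNS but absent from the current vendor list.
    return [t for t, info in audit(domain, zone, approved).items() if not info["approved"]]

if __name__ == "__main__":
    print(stale_delegations("brand.example", ZONE, {"_spf.mail-host.example"}))
```

Any entry the audit reports as unapproved is a sender that can still pass SPF for the domain, so a compromise of that provider reaches the domain's subscribers with mail that looks legitimate.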

Token Terminal and WalletConnect respond

The impacted businesses, whose addresses were used fraudulently, moved quickly to reassure their customers.

According to Token Terminal, it has cut off its domain from MailerLite. The company also erased all subscriber data to prevent future issues.

WalletConnect also informed its users about the situation and advised them not to respond to the email about the airdrop claim.

DeFi users were led to believe that the airdrop was part of the introduction of modern staking options on the platform’s Launchpad.

Cointelegraph users, however, were told that the cryptocurrency media outlet was commemorating ten years of operation. Notably, there was no discernible difference between the email addresses used in the phishing attack and the real addresses of the companies being impersonated. This caused a number of the scam’s intended victims to fall for it. ZachXBT reported that users had lost $580,000 thus far.

The affected businesses issued multiple statements to warn users and disassociate themselves from the hacking attempts as word of the coordinated phishing attacks spread. Users were advised not to click on any links related to airdrops. WalletConnect clarified that they are aware of an email directing recipients to click on a link to redeem an airdrop, which seems to have been sent from an account connected to WalletConnect. They continued by saying that they could verify that the link in this email seems to take users to a malicious website and that neither WalletConnect nor any of its affiliates sent this email directly.

Reports of phishing websites are rising and becoming a concern. This is consistent with the steady rise of wallet-drainer services.

Airdrops were being used more and more as a tool to deplete cryptocurrency holdings. Users should exercise extra caution in these situations, and it’s always a good idea to do your homework before accepting an offer.

Other platforms that have suffered similar losses have also started surfacing. A commenter on ZachXBT’s post says, “There have been massive data breaches going around recently. And another one just the other day from Trello. So phishing emails are probably going to ramp up even more in the coming days. And please have a separate email for all crypto forms you fill out; don’t use your email.”
