Crypto Wallets Drained Off $600K Due To Ignored Phishing Attack
24 January 2024 - 9:00PM
NEWSBTC
On January 23, WalletConnect and other web3 companies warned their users about a phishing scam that used official web3 company email addresses to steal funds from thousands of crypto wallets.

A Massive Phishing Campaign

WalletConnect took to X to notify its community about an unauthorized email sent from a WalletConnect-linked email address. The email prompted recipients to open a link to claim an airdrop; the link led to a malicious site and, as WalletConnect confirmed, the message was not issued by the team or by anyone affiliated with it. WalletConnect brought in the web3 security and privacy firm Blockaid to investigate the phishing scam further.

In the following hours, a crypto sleuth posted a community alert informing unaware users that the team emails of CoinTelegraph, Token Terminal, and De.Fi had also been compromised, signaling that a larger and more sophisticated phishing campaign was under way. At the time of the post, around $580K had been stolen. After investigating, Blockaid revealed that the attacker "was able to leverage a vulnerability in email service provider MailerLite to impersonate web3 companies."
Email phishing is so common that most users have learned to be wary of suspicious links and messages, and companies routinely advise against opening links that do not come from their official channels. In this case the attacker was able to trick a large number of users precisely because the malicious links arrived from the companies' official email addresses. The compromise allowed the attacker to send convincing emails whose links led to wallet-drainer websites: several malicious dApps built on the Angel Drainer Group's infrastructure.

As Blockaid explained, the attackers took advantage of the trust these companies had previously extended to MailerLite. The companies had authorized MailerLite to send email on behalf of their domains, which is done by publishing sender-authentication DNS records that name the provider. Those records were never removed after the companies stopped using the service, so mail sent through MailerLite's systems still passed the domains' email-authentication checks. Blockaid detailed this in its thread:

Specifically, they used "dangling dns" records which were created and associated with Mailer Lite (previously used by these companies). After closing their accounts these DNS records remain active, giving attackers the opportunity to claim and impersonate these accounts. pic.twitter.com/cbTpc5MXu1 — Blockaid (@blockaid_) January 23, 2024
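To make Blockaid's "dangling DNS" point concrete, here is an added example, not code from the article, Blockaid, or MailerLite, that audits a DNS zone snapshot for records handing mail-sending (SPF) or mail-signing (DKIM) authority to a provider the organisation no longer uses. The zone contents and the provider inventory are constructed, and the MailerLite host names `_spf.mlsend.com` and `ml._domainkey.mailerlite.com` are assumptions about what such records look like; verify them against the provider's own documentation and your real zone before acting on the output. The audit goes slightly beyond the incident by also covering `redirect=` and `a:`/`mx:` delegations, which delegate sending authority the same way `include:` does.

```python
"""Audit a DNS zone snapshot for e-mail delegations to providers no longer in use.

Added example, not code from the article, Blockaid, or MailerLite. The zone
below is constructed; the MailerLite host names are assumptions about the
shape of such records and must be checked against the provider's own docs.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    record: str     # owner name of the DNS record
    kind: str       # "spf-include", "spf-redirect", "spf-a", "spf-mx" or "dkim-cname"
    target: str     # host the record hands authority to
    provider: str   # provider name from KNOWN_PROVIDERS, or "unknown"
    dangling: bool  # True when that provider is not in the active inventory


# Constructed zone snapshot for a hypothetical domain, as `dig` would return it.
ZONE: dict[tuple[str, str], list[str]] = {
    ("example.com", "TXT"): [
        "v=spf1 ip4:203.0.113.10 include:_spf.google.com include:_spf.mlsend.com -all",
    ],
    ("ml._domainkey.example.com", "CNAME"): ["ml._domainkey.mailerlite.com."],
    ("google._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=MIGfMA0G"],  # key truncated
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

# Delegation targets mapped to provider names. The MailerLite entries are
# assumptions; _spf.google.com is Google Workspace's documented SPF include.
KNOWN_PROVIDERS = {
    "_spf.mlsend.com": "MailerLite",
    "mailerlite.com": "MailerLite",
    "_spf.google.com": "Google Workspace",
}

# Providers the organisation still has an active contract with (constructed).
# Anything else that can send or sign as the domain is a dangling delegation,
# including unknown targets, which are flagged so they get inventoried.
ACTIVE_PROVIDERS = {"Google Workspace"}


def provider_for(host: str) -> str:
    """Map a delegation target to a provider by longest matching DNS suffix."""
    host = host.rstrip(".").lower()
    best_suffix, name = "", "unknown"
    for suffix, provider in KNOWN_PROVIDERS.items():
        if (host == suffix or host.endswith("." + suffix)) and len(suffix) > len(best_suffix):
            best_suffix, name = suffix, provider
    return name


def spf_delegations(txt: str) -> list[tuple[str, str]]:
    """Return (kind, host) for every SPF term that hands sending authority to
    another name: include:, redirect=, and a:/mx: with an explicit host.
    Bare a/mx mean the domain itself and ip4/ip6 literals are not delegations."""
    found = []
    for term in txt.split()[1:]:        # skip the "v=spf1" version tag
        term = term.lstrip("+-~?")      # drop the qualifier, if any
        if term.startswith("include:"):
            found.append(("spf-include", term[len("include:"):]))
        elif term.startswith("redirect="):
            found.append(("spf-redirect", term[len("redirect="):]))
        elif term.startswith(("a:", "mx:")):
            mech, _, host = term.partition(":")
            found.append((f"spf-{mech}", host.split("/")[0]))  # strip any CIDR suffix
    return found


def audit(zone, active_providers) -> list[Finding]:
    """Every SPF and DKIM delegation in the zone, flagged when its provider is not active."""
    findings = []
    for (owner, rtype), values in zone.items():
        for value in values:
            if rtype == "TXT" and value.lower().startswith("v=spf1"):
                for kind, target in spf_delegations(value):
                    prov = provider_for(target)
                    findings.append(Finding(owner, kind, target, prov, prov not in active_providers))
            elif rtype == "CNAME" and "._domainkey." in owner:
                prov = provider_for(value)
                findings.append(Finding(owner, "dkim-cname", value.rstrip("."), prov, prov not in active_providers))
    return findings


def dangling(zone, active_providers) -> list[Finding]:
    """Only the delegations whose provider is no longer in the active inventory."""
    return [f for f in audit(zone, active_providers) if f.dangling]


if __name__ == "__main__":
    for f in dangling(ZONE, ACTIVE_PROVIDERS):
        print(f"DANGLING {f.kind:<12} {f.record} -> {f.target} ({f.provider})")
```

On the constructed zone the audit reports two dangling delegations, both to MailerLite: the `include:_spf.mlsend.com` term, which still lets the provider's servers pass SPF for example.com, and the `ml._domainkey` CNAME, which still lets it publish a DKIM key under the domain. The fix is to delete those records; tightening DMARC does not help, because mail the provider sends still passes SPF or DKIM for the domain and so satisfies even `p=reject`. To run this against live DNS, feed the output of `dig TXT` and `dig CNAME` for the domain and its `_domainkey` selectors into the zone table.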
MailerLite Explains Security Breach

The explanation came later via an email, in which MailerLite said its investigation showed that a member of its customer support team had inadvertently become the initial point of compromise. As the email explains:

The team member, responding to a customer inquiry via our support portal, clicked on an image that was deceptively linked to a fraudulent Google sign-in page. The team member mistakenly entered their credentials there, and the perpetrator(s) gained access to their account. The intrusion was inadvertently authenticated by the team member through a mobile phone confirmation, believing it to be a legitimate access attempt. This breach enabled the perpetrator(s) to penetrate our internal admin panel.

MailerLite further adds that the attacker reset the password of a specific user on the admin panel to consolidate their unauthorized control. That control gave them access to 117 accounts, of which they targeted only the cryptocurrency-related ones for the phishing campaign.
An anonymous Reddit user posted an analysis of the situation with a closer look at the attacker's transactions. The user wrote:

One victim wallet appears to have lost 2.64M worth of XB Tokens. I'm showing about 2.7M sitting in the phishing wallet of 0xe7D13137923142A0424771E1778865b88752B3c7, while 518.75K went to 0xef3d9A1a4Bf6E042F5aaebe620B5cF327ea05d4D.

The user stated that most of the stolen funds sat in the first phishing address, while approximately $520,000 worth of ETH had been sent to the privacy protocol Railgun, which the user expects will soon be moved on through another mixer or exchange.

ETH is trading at $2,232.92 on the hourly chart. Source: ETHUSDT on TradingView.com
Featured image from Unsplash.com, Chart from TradingView.com