Coordinated Crypto Hacking and Phishing Campaign Floods Investor Emails: Alert

Updated 14:45 UTC, January 23: Added Hudson Rock report information

Fraudsters stole more than $580,000 from victims of an ongoing hacking and phishing attack using email addresses from major Web3 companies, including Cointelegraph, WalletConnect, and Token Terminal.

Cointelegraph contacted affected parties to confirm how the attackers used official email addresses to send malicious links. Email service provider MailerLite has confirmed that it was hacked and the company is investigating the matter.

A screenshot of a phishing email from an ongoing campaign. Source: ZachXBT

Cryptocurrency investigator ZachXBT has identified a multichain address that amassed more than $580,000 in stolen cryptocurrency, after phishing emails from the campaign were reported on his Telegram channel.

The address holds a mix of 280 different crypto tokens. Ether (ETH) makes up 86% of the wallet's portfolio, amounting to 227 ETH at the time of writing.

WalletConnect warned on X (formerly Twitter) that it is aware of a phishing email that prompts users to click on a malicious airdrop link.

Users of De.Fi, a Web3 SocialFi and antivirus app, are being targeted with an email advertising the launch of a launchpad, including a link to an airdrop. The attackers also announced a fake beta launch of Token Terminal, with a button to claim a purported airdrop.

WalletConnect COO Jess Houlgrave told the publication that the attackers were sending the phishing emails from the company's genuine email address and that the incident was linked to MailerLite.

According to a report from cybersecurity firm Hudson Rock, researchers identified the CRYPTBOT infostealer malware on a computer belonging to a MailerLite employee. Hudson Rock said the malware may have been used to gain access to MailerLite servers and steal data that was then used in further attacks.

Cointelegraph is awaiting further information from MailerLite on how the attackers were able to send from the companies' official email addresses.

Token Terminal and De.Fi have yet to respond to requests for comment. According to information provided by Web3 security firm Blockaid, the attackers used the wallet-draining software Angel Drainer, which was also used in the high-profile Ledger Connect Kit attack in December 2023.

Investors should always exercise caution when dealing with emails that solicit action on unexpected airdrop announcements.
