Email service provider MailerLite was the victim of a phishing attack that targeted the crypto market, the company announced on Tuesday.
According to an email alert from the company, the attack occurred after a support team member clicked on a deceptive link, entered their Google credentials and verified the second level of testing — hackers gain access to Mailerlite's internal systems.
“Once they gained access, the criminals performed a password reset for a specific user on the admin panel, which further strengthened their unauthorized control,” Mailerlite said. “With this level of access, they were able to impersonate user accounts. The focus was only on cryptocurrency-related accounts.
Mailerlight said 117 accounts were opened by the attackers, and a small number were used to launch phishing campaigns using names, email addresses and any personal information uploaded to the service.
According to internet sleuth ZachXBT, affected accounts include CoinTelegraph, Wallet Connect, Token Terminal and De.Fi. Decrypt was also notified that the account had been accessed, but Mailerlite said no emails were sent from the system or the contact details were exported.
More than $580,000 was stolen because hackers were able to package their malicious links with templates from Mailerlite customers they knew, ZachXBT said. He also shared the address where the ill-gotten money was sent.
Web3 security firm Blockaid has raised its total haul to over $600,000.
“When MailerLite became aware of the incident, MailerLite successfully identified and resolved the issue, cutting off the access method used by criminals to infiltrate the platform,” MailerLite said. “MailerLite can ensure that the breach is completely stopped.”
Mailerlite said the company continues to monitor the situation.
“We will also make the necessary changes to our internal processes by contacting employees who do not follow these procedures and focusing on better safety training,” the company said.
Edited by Ryan Ozawa.
Stay on top of crypto news, get daily updates in your inbox.
