MailerLite confirms hack that led to $3.3M crypto-phishing email attack
Email marketing firm MailerLite has confirmed that hackers gained access to the accounts of major Web3 companies to carry out phishing email scams that cost subscribers an estimated $3.3 million.
Cointelegraph was among a handful of Web3 companies targeted in the January 23 attack, in which emails sent from the official accounts of WalletConnect, Token Terminal and De.Fi carried malicious links containing wallet-draining software.
Hours after the emails were sent to subscribers, MailerLite released details of how its system was compromised in a social engineering attack targeting a customer support employee.
“While responding to a customer request through the support portal, a member of the team clicked on an image that fraudulently linked to a fraudulent Google login page,” the statement said.
The employee then unwittingly authenticated access, giving attackers access to MailerLite's internal admin panel. The hackers gained more control by resetting a specific user's password through the admin panel.
“With this level of access, they were able to impersonate user accounts. The focus was only on cryptocurrency-related accounts.”
MailerLite said the hackers accessed 117 accounts but used only a smaller number of them for phishing campaigns. The service provider warned that its customers' and subscribers' data, including full names, email addresses and personal data uploaded to MailerLite, were affected.
Cointelegraph reached out to MailerLite's support team and received no further information about the incident, despite being a prime target of phishing email scams.
Blockchain analytics platform Nansen helped Cointelegraph estimate the value of the funds stolen by the attackers. According to the research team, which tracked token flows on Nansen-backed blockchains, the main wallet has seen total inflows of $3.3 million.
“But $2.6 million of that number is Xbanking tokens, which seems to be sold only on the Latoken exchange [via CoinGecko]. And it seems less liquid. 2.6 million is 80% of the diluted value, and it might be hard to change it,” Nansen's team told Cointelegraph.
By subtracting the Xbanking (XB) tokens from the total looted funds, Nansen reduced the looted amount to an easily converted $700,000.
A detailed thread on Reddit from an anonymous user also reached a similar estimate of the total funds stolen in the attack. Nansen confirmed the findings, which included the mention of XB tokens.
Both Nansen and the Reddit post note that the attackers used the privacy protocol Railgun to obscure the movement of the stolen tokens. The system is a privacy solution built directly on-chain for Ethereum, BNB Chain, Polygon and Arbitrum that uses zero-knowledge cryptography to enable private use of smart contracts and decentralized financial protocols.