NewsBTC
2024-01-25 00:00:58

Crypto Wallets Drained Off $600K Due To Ignored Phishing Attack

On January 23, Wallet Connect and other web3 companies informed their users about a phishing scam using official web3 companies’ email addresses to steal funds from thousands of crypto wallets. Related Reading: By The Numbers: Crypto Users Lose $300 Million To Phishing Scams In 2023 A Massive Phishing Campaign Wallet Connect took X to notify its community about an authorized email sent from a Wallet Connect-linked email address. This email prompted the receivers to open a link to claim an airdrop, however, the link led to a malicious site and, as Wallet Connect confirmed, it was not issued directly by the team or anyone affiliated. Wallet Connect contacted web3 security and privacy firm Blockaid to investigate the phishing scam further. In the following hours, crypto sleuth posted a community alert to inform unaware users that CoinTelegraph, Token Terminal, and De.Fi team emails were also compromised, signaling that a massive and more sophisticated phishing campaign was happening. At the time of the post, around $580K had been stolen. After investigating, Blockaid later revealed that the attacker “was able to leverage a vulnerability in email service provider MailerLite to impersonate web3 companies.” Email phishing scams are common among cyber scammers, making users wary of most suspicious links or emails. At the same time, companies and entities advise against opening links that do not come from their official channels. In this case, the attacker was able to trick a vast number of users from these companies as the malicious links came from their official email addresses. The compromise allowed the attacker to send convincing emails with malicious links attached that led to wallet drainer websites. Specifically, the links led to several malicious dApps that utilize the Angel Drainer Group infrastructure. The attackers, as Bloackaid explained, took advantage of the data previously provided to Mailer Lite, as it had been given access by these companies to send emails on behalf of these sites’ domains before, specifically using pre-existing DNS records, as detailed in the thread: Specifically, they used “dangling dns” records which were created and associated with Mailer Lite (previously used by these companies). After closing their accounts these DNS records remain active, giving attackers the opportunity to claim and impersonate these accounts. pic.twitter.com/cbTpc5MXu1 — Blockaid (@blockaid_) January 23, 2024 MailerLite Explains Security Breach The explanation later came Via an email, where MailerLite explained that the investigation showed that a member of their customer support team inadvertently became the initial point of the compromise. As the email explains: The team member, responding to a customer inquiry via our support portal, clicked on an image that was deceptively linked to a fraudulent Google sign-in page. Mistakenly entering their credentials there, the perpetrator(s) gained access to their account. The intrusion was inadvertently authenticated by the team member through a mobile phone confirmation, believing it to be a legitimate access attempt. This breach enabled the perpetrators) to penetrate our internal admin panel. MailerLite further adds that the attacker reset the password for a specific user on the admin panel to consolidate the unauthorized control further. This control gave them access to 117 accounts, of which they only focused on cryptocurrency-related accounts for the phishing campaign attack. An anonymous Reddit user posted an analysis of the situation and gave a closer look at the attacker’s transactions. The user revealed: One victim wallet appears to have lost 2.64M worth of XB Tokens. I’m showing about 2.7M sitting in the phishing wallet of 0xe7D13137923142A0424771E1778865b88752B3c7, while 518.75K went to 0xef3d9A1a4Bf6E042F5aaebe620B5cF327ea05d4D. The user stated that most stolen funds were in the first phishing address. At the same time, approximately $520,000 worth of ETH were sent to privacy protocol Railgun, and he believes that they will soon be moved through another mixer or exchange. Related Reading: 4 Ways Crypto Investors Can Avoid Phishing Scams ETH is trading at $2,232.92 in the hourly chart. Source: ETHUSDT on TradingView.com Featured image from Unsplash.com, Chart from TradingView.com

Crypto 뉴스 레터 받기
면책 조항 읽기 : 본 웹 사이트, 하이퍼 링크 사이트, 관련 응용 프로그램, 포럼, 블로그, 소셜 미디어 계정 및 기타 플랫폼 (이하 "사이트")에 제공된 모든 콘텐츠는 제 3 자 출처에서 구입 한 일반적인 정보 용입니다. 우리는 정확성과 업데이트 성을 포함하여 우리의 콘텐츠와 관련하여 어떠한 종류의 보증도하지 않습니다. 우리가 제공하는 컨텐츠의 어떤 부분도 금융 조언, 법률 자문 또는 기타 용도에 대한 귀하의 특정 신뢰를위한 다른 형태의 조언을 구성하지 않습니다. 당사 콘텐츠의 사용 또는 의존은 전적으로 귀하의 책임과 재량에 달려 있습니다. 당신은 그들에게 의존하기 전에 우리 자신의 연구를 수행하고, 검토하고, 분석하고, 검증해야합니다. 거래는 큰 손실로 이어질 수있는 매우 위험한 활동이므로 결정을 내리기 전에 재무 고문에게 문의하십시오. 본 사이트의 어떠한 콘텐츠도 모집 또는 제공을 목적으로하지 않습니다.