Ethereum Foundation alerts community to phishing email threat

The mailing list provider for the Ethereum Foundation blog was compromised on Sunday. The attackers sent out an email with a phishing link. Ethereum developer Tim Beiko alerted users to the breach and warned them not to click on any link in the email.

Also read: SEC permanently ends all investigations into Ethereum

However, Ethereum Foundation might not be the only crypto entity affected by the breach. One Ethereum investor noted that he got an identical mail through an address he registered with on-chain data provider Nansen.

Ethereum Foundation regains control

Based on the latest update from Beiko, the foundation has regained control of the email list and locked out all external access. To confirm this, the foundation sent a new mail alerting recipients about the previous email and telling them to ignore it. The new email read:

“Approximately 1 hour ago, you will have received an email titled “Now Available: Ethereum Foundation Staking Platform.” This email was not sent by us, the account we use to send these emails was compromised. We believe the issue is now contained. Please delete the previous email and DO NOT click any links in that email.”

However, none of the stakeholders have provided any information on how the breach happened or its extent. The mailing list provider SendPulse did not make any statement on the issue, with the last post on its Twitter account being in September 2023.

So far, there has not been any report of people losing their assets after opening the email. Most people quickly noticed something suspicious about an email from the Ethereum Foundation blog asking subscribers to stake ETH with Lido.

Email service providers are becoming prime targets for hackers

This is not the first time hackers have targeted an email service provider for a crypto entity. Bad actors have targeted third-party email management services for several years, but efforts have intensified recently.

Earlier this month, thousands of CoinGecko users received phishing emails after its email service provider, GetResponse, experienced a data breach. CoinGecko confirmed the incident, noting that the hackers exported the contact information of 1.9 million users.

Also read: Industry giants rally against the rising tide of crypto phishing attacks

Citing the publication on its website, “The attacker exported 1,916,596 contacts from CoinGecko’s GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates).”

Using this tactic, malicious actors can easily send emails containing phishing links to thousands. Depending on the type of phishing deployed, those who click on the link may give sensitive information to scammers or be tricked into sending funds to fraudulent addresses that look like their real ones through address spoofing. Sometimes, users even unknowingly authorize scammers to execute transactions on their behalf when they click on the phishing link.