Over 35,000 Ethereum community members were exposed to a phishing attack after a threat actor compromised the project’s mailing list provider.
According to an official blog post, the attacker leveraged a combination of their own email list and a separate list exported from the Ethereum blog platform.
The phishing emails, disguised as an update from Ethereum itself, promised high returns through a fake collaboration with Lido DAO. Clicking the malicious link within the email would have directed users to a fraudulent website designed to steal their cryptocurrency.
Fortunately, the incident appears to have been contained with minimal impact on users. Ethereum reports that only a small number of the leaked addresses (around 80) were unknown to the attackers, suggesting they may have already targeted this group through other means.
