Over 35,000 Ethereum community members were exposed to a phishing attack after a threat actor compromised the project’s mailing list provider.
According to an official blog post, the attacker leveraged a combination of their own email list and a separate list exported from the Ethereum blog platform.
The phishing emails, disguised as an update from Ethereum itself, promised high returns through a fake collaboration with Lido DAO. Clicking the malicious link within the email would have directed users to a fraudulent website designed to steal their cryptocurrency.
Fortunately, the incident appears to have been contained with minimal impact on users. Ethereum reports that only a small number of the leaked addresses (around 80) were unknown to the attackers, suggesting they may have already targeted this group through other means.
Bijay Pokharel
Related posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.