Web3 Phishing Attack: Scammer Uses Official Email Addresses of Leading Crypto Companies

JAKARTA - A number of fraudsters managed to steal more than USD 580,000 (IDR 9 billion) from unsuspecting victims through a sustained phishing and hacking campaign. They used the email addresses of well-known Web3 companies, including Cointelegraph, WalletConnect, and Token Terminal.

Cointelegraph contacted the affected parties to find out how the attacker was able to use the official email addresses to send a malicious link. The email service provider, MailerLite, is suspected of having been compromised, and the company has confirmed that it is investigating the matter.

Crypto investigator ZachXBT flagged on his Telegram channel a multichain address that has accumulated more than USD 580,000 in stolen cryptocurrency since the phishing emails were sent. The address holds a mix of 280 different crypto tokens, with Ether (ETH) making up 86% of the wallet's portfolio, worth 227 ETH at the time of writing.

WalletConnect also warned users on X (formerly Twitter) that it is aware of phishing emails urging users to click on malicious airdrop links.

Users of the Web3 SocialFi and antivirus app De.Fi were also targeted with a promotional email about a launch that included an airdrop link. The attacker also announced a fake launch of the Token Terminal beta with a button for a fictitious airdrop claim.

WalletConnect COO Jess Houlgrave told the media that attackers used the company's official email address to send phishing emails and that the company is also in contact with MailerLite.

According to a report from cybersecurity platform Hudson Rock, its researchers identified a copy of the CRYPTBOT infostealer malware on a MailerLite employee's computer. Hudson Rock claims that this malware may have been used to gain access to MailerLite's servers, which were then used to steal data for further attacks.

Cointelegraph is also still waiting for further information from MailerLite, which it also uses as its email service provider, on how the attackers were allegedly able to use the official email address.

Token Terminal and De.Fi have not yet responded to requests for comment. Information provided by Web3 security firm Blockaid shows that the attackers used the Angel Drainer wallet-draining software, which was also used in the well-known Ledger Connect Kit attack in December 2023.

Investors should always be cautious when interacting with emails announcing unexpected airdrops.