
blog.ethereum.org mailing list incident | Ethereum Foundation Blog



On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content:

Users who clicked the link in the email were sent to a malicious website:

This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by the website, their wallet would have been drained.

Our internal security team immediately launched an investigation to help determine who launched the attack, what the aim of the attack was, when it happened, who was affected, and how it happened.

Some of the initial actions taken were:

  • Prevented the threat actor from sending additional emails.
  • Sent out notifications via Twitter and email to not click the link in question.
  • Closed down the malicious access path the threat actor had used to obtain access into the mailing list provider.
  • Submitted the malicious link to various blacklists, and it was then blocked by the majority of web3 wallet providers and Cloudflare.

Our investigation into the attack showed that:

  • The threat actor imported a large email list of their own into the mailing list platform to be used for the phishing campaign.
  • The threat actor exported the blog mailing list email addresses, a total of 3759 email addresses.
  • When we compared the blog mailing list with the email list that the threat actor had imported, we could see that the blog mailing list contained 81 email addresses that the threat actor did not previously have knowledge of; the rest were duplicate addresses.
  • Analysis of on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked appears to show that no victims lost funds during this specific campaign sent by the threat actor.
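The list comparison described in the findings above can be reproduced as follows; this is an added example, not the Ethereum Foundation's own tooling. It assumes both lists are available as CSV text with a hypothetical `email` column, treats addresses as case-insensitive, and uses constructed sample addresses.

```python
import csv
import io


def normalise(addr):
    """Trim and lower-case an address; return None if it is not plausibly an email.
    Assumption: the whole address is compared case-insensitively."""
    addr = addr.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return addr


def load_addresses(csv_text, column="email"):
    """Read one export; return (set of normalised addresses, list of rejected raw values)."""
    seen, rejected = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row.get(column) or ""
        addr = normalise(raw)
        if addr is None:
            rejected.append(raw)
        else:
            seen.add(addr)
    return seen, rejected


def exposure_report(exported_csv, imported_csv):
    """Split the exported list into addresses the importer already held and new ones."""
    exported, bad_exported = load_addresses(exported_csv)
    imported, bad_imported = load_addresses(imported_csv)
    return {
        "exported_total": len(exported),
        "already_known": len(exported & imported),
        "newly_exposed": sorted(exported - imported),
        "rejected_rows": bad_exported + bad_imported,
    }


# Constructed sample data: the list exported from the platform and the list imported into it.
EXPORTED = "email\nalice@example.org\nBob@Example.org\ncarol@example.net\nnot-an-address\n"
IMPORTED = "email\nbob@example.org\n  ALICE@example.org\ndave@example.com\n"

if __name__ == "__main__":
    print(exposure_report(EXPORTED, IMPORTED))
```

Normalising before comparing matters here: without it, case or whitespace differences between the two exports would inflate the count of newly exposed addresses.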

As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again.

We are deeply sorry that this incident occurred, and are working diligently with both our internal security team as well as external security teams to further help address and investigate this incident.

Any questions can be directed to security@ethereum.org.


