Ethereum Foundation Email Hacked in Major Phishing Scam

NAIROBI (BingCrypto.com) —  On June 23, the Ethereum Foundation’s email server was compromised, resulting in a phishing scam targeting its subscribers. The foundation has since recovered the account, but not before 35,794 scam emails were sent.

Fake Lido Staking Offer Targets Thousands

The hacked emails, sent from the official updates@blog.ethereum.org address, falsely claimed a partnership with LidoDAO. They promised a 6.8% yield on staked Ether (ETH), Wrapped Ether (WETH), or stETH deposits, assuring recipients that the staking process was “Protected and Verified by The Ethereum Foundation.” Users who clicked the “Begin Staking” button were directed to a malicious web app designed to drain their wallets if they approved transactions.

Upon discovering the breach, the Ethereum Foundation swiftly blocked the attacker from sending more emails, closed the malicious access path, and alerted various blacklists, Web3 wallet providers, and Cloudflare to warn users about the fraudulent site. Fortunately, no users lost cryptocurrency, although the email addresses of 81 subscribers were exposed to the attacker.

Swift Action Prevents Financial Loss

The investigation revealed that the attacker imported a large list of new email addresses into the mailing list platform, suggesting that some recipients of the scam emails were not original subscribers. Additionally, the attacker exported 3,759 email addresses from the Foundation’s blog mailing list, with 81 of these addresses being new to the attacker.

In response, the Ethereum Foundation migrated some mail services to other providers to enhance security and mitigate future risks. The Foundation continues to work with internal and external security teams to address the incident comprehensively.

This incident underscores the persistent threat of phishing scams in the crypto industry and highlights the need for robust security measures and user vigilance. The Ethereum Foundation’s swift response and transparency in managing the breach demonstrate the importance of immediate action in protecting the community.

As the investigation continues, the Foundation remains committed to ensuring user safety and preventing similar attacks in the future. Users are urged to verify the authenticity of emails before engaging with any links or providing sensitive information.