According to the latest blog post on the Ethereum Foundation’s website, the organization’s “update” email account was hacked and used for phishing attacks. The attack promoted a fake staking program for Lido, Ethereum’s leading liquid staking platform.
About 35,794 phishing emails were sent to followers of the updates@blog.ethereum.org email address. The attackers potentially accessed the email addresses of 81 subscribers.
This type of attack, known as “Email Phishing,” involves hackers using a well-known organization’s email to send fraudulent links. These links direct users to a fake website asking them to log in and authenticate a transaction, allowing the attackers to withdraw funds from their wallets.
The fraudulent emails claimed that the Ethereum Foundation partnered with Lido DAO, which manages the Lido Liquid Staking protocol, to offer a 6.8% interest rate on assets like stETH, WETH, and ETH staked through a provided link. The email falsely stated that the staking program was verified and guaranteed by Ethereum.
Users who clicked the “Begin Staking” button in the email were redirected to a malicious phishing link disguised as the “Staking Launchpad.” If they click “Stake” on this site, a transaction will be executed and appear in their wallet. Once users sign this transaction, all funds in their wallets will be withdrawn.
The attackers exploited security vulnerabilities in SendPulse, the email service provider used by the Ethereum Foundation, to gain unauthorized access to the email list and distribute phishing links. The Ethereum Foundation quickly warned people only to click links sent from updates @ blog.ethereum.org once an official announcement was made.
The Ethereum Foundation blocked the access points used by the attackers to prevent further unauthorized access and notified Web3 wallet providers, Cloudflare, and the email list recipients to help users recognize and protect their accounts from phishing attempts.
The Ethereum Foundation has since restored the “update” email address and ensured no more malicious emails were sent to users. They also discovered that the attackers uploaded new email addresses not in the Ethereum Foundation’s subscription list, meaning some non-subscribers might have received the phishing emails. The attackers also exported 3,759 email addresses from the blog’s mailing list.
Fortunately, the Ethereum Foundation concluded that no users suffered financial losses from this attack. The organization stated:
“By analyzing on-chain transactions carried out by the attacker from when the emails were sent until they were blocked, it appears that no victims lost money in this phishing attempt.”
This incident serves as a wake-up call, highlighting that even organizations with a strong focus on security, like the Ethereum Foundation, can be vulnerable to attacks. The phishing website was highly sophisticated, making it possible for even cautious users to be deceived if they were not vigilant.
Phishing attacks are becoming increasingly sophisticated, making it easier for users to be tricked. According to a Scam Sniffer report published in early 2024, crypto users lost nearly $295 million to phishing attacks in 2023.
