Cryptocurrency market problems: Trust no one
A wave of phishing attacks has swept the cryptocurrency world. Exploiting a security flaw in an email marketing tool, hackers have managed to impersonate regular users. Against this backdrop, investors should be wary of anything out of the ordinary.
Several decentralized finance projects have fallen victim to hackers in recent days. As ZachXBT, a detective specializing in blockchain analysis, explains on X (formerly Twitter), the attackers managed to send out emails impersonating companies. To do so, they took over the official email addresses of the targeted companies.
Using the compromised address, the attackers organized a very convincing phishing attack. Some people with cryptocurrency wallets received an email inviting them to participate in an airdrop. Very common in the world of decentralized finance, an airdrop involves receiving free tokens as part of a project launch or new feature. To get the free digital assets, all you have to do is connect your digital wallet to the blockchain.
"We are excited to share with you exciting news that is sure to pique your interest. As a valued member of our community, we wanted to personally inform you about the upcoming TokenTerminal Beta Access Airdrop promotion. We are about to introduce the beta version of TokenTerminal, and we want you to be among the first to experience its innovative features and functionality. To show our gratitude for your continued support, we have decided to mark this milestone with a special Airdrop exclusively for members of our community," the fraudulent email reads.
Unfortunately, investors tended to agree without much thought, attracted by the opportunity and reassured by the official address. The hackers sprang into action, draining all the funds stored in investors' wallets. According to ZachXBT, they quickly collected a tidy sum of $600,000. The malicious line of code inserted into the hackers' website is programmed to transfer all funds to a blockchain address. Note that this is the same malicious code used in the hack of Ledger, a French giant offering hardware wallets, in December, Blockworks told Blockaid, a startup specializing in cybersecurity for decentralized finance.
The organizations attacked included CoinTelegraph, a specialty media outlet; WalletConnect, an open-source protocol that facilitates communication between decentralized applications and wallets; Token Terminal, a platform that provides a wealth of data on digital currencies; and the portfolio tracker De.Fi. These companies were quick to warn their users on social media. Token Terminal, for example, confirmed that the email was not created by its team and then announced an investigation to determine its origin. Unfortunately, the email had already been sent.
According to an investigation by Blockaid researchers, the operation was based on security issues found in MailerLite, a platform used to automate the sending of promotional emails. Several hacked organizations confirmed that the phishing email was indeed sent through this service. All of the affected investors had accounts opened on this platform.
Attackers quickly exploited the vulnerability to send users "compelling emails with links to malicious sites." MailerLite had previously been granted permission to send emails on behalf of the affected domains. It was this flaw that made the attack so successful. At this point, we recommend that you exercise extreme caution. Think twice before linking your blockchain wallet to receive cryptocurrencies.