Techly NewsGet the app

Get the latest tech news

Blog.ethereum.org Mailing List Incident


On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content Users who clicked the link in the email were sent to a malicious website: This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained. Our internal security team immediately launched an investigation to help determine who launched the attack, what the aim of the attack was, when it happened, who was affected, and how it happened.

Submitted the malicious link to various blacklists, and it was then blocked by majority of web3 wallet providers and cloudflare. Analyzing on-chain transactions made to the threat actor between the time they sent out the email campaign and the time the malicious domain got blocked, appear to show that no victims lost funds during this specific campaign sent by the threat actor. As we continue working on this incident, we have taken additional measures such as migrating some mail services to other providers, to further help reduce the risk of this happening again.

Get the Android app

Or read this on Hacker News

« South Korea Hikes Growth Forecast Sharply as Demand for AI Booms
AI Startups Inject Some Life Into VC Dealmaking in the US »