Scammers have stolen over $580,000 from victims through a series of hacking and phishing attacks that used email addresses belonging to prominent Web3 companies such as Cointelegraph, WalletConnect, and Token Terminal. The attacks involved sending malicious links from seemingly official email sources. It has been suggested that the email service provider MailerLite might have been compromised in the process, and the company has acknowledged that it is investigating the matter.
Cryptocurrency investigator ZachXBT drew attention to the issue by highlighting a multi-chain address on his Telegram channel. This address has accumulated over $580,000 in various stolen cryptocurrencies since the phishing emails began. Analysis of the wallet shows holdings of 280 different cryptocurrency tokens, with Ethereum making up 86% of the total value, amounting to 227 ETH at the time of writing.
The attackers didn't just stop at using the email addresses; they also targeted users of Web3 SocialFi and the antivirus app De.Fi. They sent emails advertising the launch of a new launchpad, which included links to a supposed airdrop. Additionally, they announced the release of a fraudulent beta version of Token Terminal, complete with a button to claim a non-existent airdrop.
Jess Houlgrave, the chief operating officer of WalletConnect, confirmed that the company's official email addresses were used to send out these phishing emails. WalletConnect is actively coordinating with MailerLite to address this security breach. Meanwhile, cybersecurity platform Hudson Rock reported that its researchers found traces of the CRYPTBOT Infostealer malware on MailerLite employees' computers. Hudson Rock speculates that this malware might have facilitated access to MailerLite's servers, enabling further data theft for subsequent attacks.
Token Terminal and De.Fi have yet to make any official comments on the matter. Web3 security firm Blockaid provided insights indicating that the attackers utilized the Angel Drainer wallet-stealing software in these phishing attacks. This software was also implicated in the Ledger Connect Kit attack that occurred in December 2023. Given these developments, investors are advised to exercise extreme caution when encountering emails with unexpected airdrop offers.