Email marketing company MailerLite has acknowledged a security breach in which hackers gained access to a significant Web3 corporate account, resulting in a phishing email scam. The attack targeted several Web3 companies, including WalletConnect, Token Terminal, and De.Fi. Estimated losses from the phishing scam amount to $3.3 million, with emails containing malicious links sent to subscribers from official accounts at the targeted companies. MailerLite attributed the breach to a social engineering attack on its customer support employees.
According to MailerLite, the compromise occurred when a team member, while responding to a customer inquiry through the support portal, inadvertently clicked on an image that led to a fraudulent Google login page. This gave the attacker access, which they used to reach MailerLite's internal admin panel and reset a specific user's password. With this level of access, the attacker impersonated user accounts, focusing primarily on cryptocurrency-related accounts. A total of 117 accounts were compromised, but only a small number were used for phishing campaigns.
Data belonging to MailerLite's customers and subscribers was affected, including full names, email addresses, and personal information uploaded to the platform. The attack resulted in the loss of $3.3 million, with blockchain analytics platform Nansen assisting in estimating the value of the stolen funds. The attackers used the privacy protocol Railgun to obscure the transfer of stolen tokens. Nansen's research team identified that $2.6 million of the total inflows were in Xbanking tokens, traded on the Latoken exchange. After subtracting the Xbanking tokens, the more easily redeemable stolen funds were estimated at $700,000.
A detailed Reddit post by an anonymous user provided a similar estimate of the total amount of funds stolen during the incident. Both Nansen and the Reddit post highlighted the use of the privacy protocol Railgun by the attackers, emphasizing its role in obscuring token transfers. Railgun is designed as a privacy solution for Ethereum, BNB Chain, Polygon, and Arbitrum, utilizing zero-knowledge cryptography to enable private use of smart contracts and decentralized finance protocols.
















