The Ethereum Foundation has reported a breach of its account on the SendPulse mailing service, which allowed hackers to initiate targeted phishing emails. The announcement was made by blockchain developer Tim Beiko.
Confirming we managed to send out an update. We should have locked down all external access, but still confirming. https://t.co/QJJPSW2fuY pic.twitter.com/sqmL4EmJbc
— timbeiko.eth (@TimBeiko) June 23, 2024
“About an hour ago, you received an email titled ‘Now Available: Ethereum Foundation Staking Platform’. We are not the senders; the account we use for mailings was compromised. We believe the issue is now resolved. Please delete the previous email and do not click any links in it,” the warning stated.
The attackers attempted to lure users with a purported “collaboration” between the Ethereum Foundation and Lido, offering to lock assets in the service at an annual rate of 6.8%.
No further details about the incident have been provided by the parties involved. The last entry in the SendPulse account dates back to September 2023.
In a comment to ForkLog, SendPulse representatives shared the results of their investigation into the incident. According to the company, the Ethereum Foundation account was breached using a Google Workspace account.
“There is no reason to believe that SendPulse infrastructure or other users’ accounts were compromised. We always strongly recommend that clients use two-factor authentication and restrict account access by IP addresses for additional protection,” the firm noted.
One user commented under Beiko’s post, stating that he received a fake email at the address he used for registering with Nansen. For security reasons, he changed all credentials on the platforms he uses.
I got one to the email address I used for Nansen. (I create different email addresses for every service I use.) This email address should have been exposed nowhere else but within Nansen.
— Cyrus Adkisson (@fivedogit) June 23, 2024
Recently, mailing services have become a popular tool for cybercriminals. Earlier in June, a leak occurred on the side of the provider GetResponse, used by CoinGecko and Tether.
The perpetrator exported 1,916,596 contacts from the account and sent phishing emails to 23,723 addresses.
Back in January, the email marketing service provider Mailer Lite fell victim to a phishing attack, resulting in damages exceeding $600,000.