A prominent email service provider used by cryptocurrency companies has been compromised, according to Tether CEO Paolo Ardoino.
We received now 2 independent confirmations that a prominent vendor used by crypto companies to manage mailing lists might have been compromised.
Not making names yet until investigation is completed, but please beware of any emails suggesting crypto-airdrops received since 24h…
— Paolo Ardoino ?? (@paoloardoino) June 5, 2024
“Not making names yet until investigation is completed, but please beware of any emails suggesting crypto-airdrops received since 24h,” warned the company head.
CoinGecko co-founder and COO Bobby Ong also reported a potential breach of the service. He noted that malicious emails are being sent on behalf of crypto firms, containing offers of coin giveaways.
PSA: There is an ongoing supply chain email breach attack happening with an email newsletter vendor right now. Several crypto companies may be affected via email blasts of fake token launches. Be careful with email newsletters in the coming days.
We at CoinGecko may be…
— Bobby Ong (@bobbyong) June 5, 2024
“Potentially we at CoinGecko may be affected, so we are actively working with our provider to further investigate and determine the extent of the issue. We have seen phishing emails sent on behalf of CoinGecko from other client accounts,” he added.
Ong reiterated that the crypto asset tracking service does not intend to launch its own token.
CoinGecko reported that the breach occurred on the side of service provider GetResponse. The attacker exported 1,916,596 contacts from the account and sent phishing emails to 23,723 addresses.
Personal information included the user’s name, email, and some metadata. Service representatives emphasized that the unknown party did not obtain “any passwords.”
“Be cautious of emails from unfamiliar or misleading domains; do not click on links or download attachments from unwanted sources; be wary of emails claiming to offer token giveaways,” added CoinGecko.
In January, email marketing service provider Mailer Lite fell victim to an attack that caused over $600,000 in damages. The incident affected Cointelegraph, Wallet Connect, Token Terminal, and several DeFi projects.
Back in November 2023, users of Trezor hardware wallets encountered a malicious email campaign.