Phishing Emails Sent from Cointelegraph and Other Crypto Data Providers

Overview of the Phishing Attack

In a recent development, several high-profile crypto data and news providers, including Cointelegraph, WalletConnect, Token Terminal, and De.Fi, have been caught up in what appears to be a phishing scam. These companies’ email addresses have been used to send fraudulent emails that dupe recipients into parting with sensitive information and funds.

Investigative Findings

Blockchain sleuth ZachXBT alerted the community via a Telegram post dated January 23, indicating that emails from domains resembling those of the legitimate companies were circulating. Blockchain analytics firm Arkham Intelligence has noted that the address linked to these emails has amassed hundreds of transactions, with a significant spike in activity on the same day. On the Ethereum network alone, Etherscan has recorded 80 transactions, with the attackers draining approximately $580,000.

Potential Hacking Techniques Employed

The exact method used by the attackers to send these deceptive emails remains undetermined. However, several techniques are suspected, including email spoofing, where the attacker forges the “from” field to mimic legitimate email addresses. Another possibility is the direct compromise of the companies’ email servers or individual employee email accounts, which could be achieved through phishing, malware, or the exploitation of previously breached credentials. A third-party email service provider breach is also a potential explanation, which would allow attackers to send emails from legitimate addresses.
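
The hypotheses above leave different traces in a reported message's headers, so a responder can sort samples before deciding which one to investigate. The following is an added example, not code from the article or from any of the companies named. The sample messages, the placeholder domains brand.example and mx.recipient.example, and the function names are constructed for illustration, and the script assumes the receiving mail server stamps an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; brand.example and mx.recipient.example are placeholders.
SPOOFED = """\
From: News Desk <news@brand.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=brand.example; dkim=none; dmarc=fail header.from=brand.example
Subject: Claim your airdrop

body
"""
VIA_PROVIDER = """\
From: News Desk <news@brand.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bounce.esp.example; dkim=pass header.d=brand.example; dmarc=pass header.from=brand.example
Subject: Claim your airdrop

body
"""
LOOKALIKE = """\
From: News Desk <news@brand-airdrop.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=brand-airdrop.example; dmarc=pass header.from=brand-airdrop.example
Subject: Claim your airdrop

body
"""


def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts stamped by our own receiving server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can inject this header; trust only our MX's copy
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            results.setdefault(m.group(1), m.group(2))
    return results


def triage(raw, brand_domain, trusted_authserv):
    """Sort a reported message into one of the hypotheses discussed above."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != brand_domain and not from_domain.endswith("." + brand_domain):
        return "lookalike-domain"        # sender domain is not the brand's own
    if auth_results(msg, trusted_authserv).get("dmarc") == "pass":
        return "authenticated-as-brand"  # not a forged From: check accounts, servers, provider
    return "from-not-authenticated"      # consistent with a forged From field
```

A message that lands in "authenticated-as-brand" was accepted as genuinely coming from the brand's domain, which is the outcome expected when an email service provider or a mailbox is compromised rather than when the "from" field is simply forged.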

Responses from Affected Companies

Cointelegraph has issued a warning to its readers, advising against interaction with the fraudulent emails, and has confirmed that the company does not issue airdrops. WalletConnect has acknowledged the phishing campaign and clarified that the misleading emails promoting a fake airdrop were not sent by its employees. The company is working with Blockaid, a crypto hack protection service, to address the issue. Similarly, Token Terminal and De.Fi have alerted their users, with De.Fi suggesting that their email service provider, MailerLite, was the attack vector used by the scammers, a situation that appears to have affected the other companies as well.

As the investigation continues, the aforementioned companies are taking steps to safeguard their clients and systems against such fraudulent activities. Users are urged to exercise caution and avoid interacting with any suspicious emails claiming to be from these organizations.
