July 2nd, 2024

Blog.ethereum.org Mailing List Incident

A phishing email targeted 35,794 Ethereum blog subscribers, attempting to drain wallets through a malicious link. Security measures were promptly taken, no funds were lost, and further precautions are underway.

In a recent incident reported on the Ethereum Foundation Blog, a phishing email was sent to 35,794 email addresses from updates@blog.ethereum.org. The email contained a link to a malicious website that aimed to drain users' wallets through a crypto drainer. The internal security team took immediate action, including preventing further emails, notifying users not to click the link, and blocking the malicious domain. The investigation revealed that the threat actor imported an email list of their own and exported the blog mailing list, a total of 3759 email addresses. Fortunately, no funds were lost during this specific campaign. Additional security measures, such as migrating some mail services to other providers, are being implemented to prevent similar incidents. The Ethereum Foundation expressed regret over the incident and assured ongoing collaboration with internal and external security teams to address the issue. For further inquiries, individuals are encouraged to contact security@ethereum.org.

Related

Rabbit failed to properly reset keys: emails can be sent from rabbit.tech domain

Rabbit Inc. failed to reset all keys, leaving a fifth API key active, potentially exposing email history and user data. Despite investigations, no evidence of data breaches or system compromises was found.

Anatomy of a Cryptocurrency Scam Operation

The article delves into a cryptocurrency scam scheme, illustrating how individuals can be lured by false promises of wealth through phishing messages. It warns against unrealistic profits and advises vigilance.

Microsoft Alerts More Customers to Email Theft in Expanding

Microsoft alerts more customers about email theft post-Midnight Blizzard hack by Russian government. Stolen emails accessed, shared with affected organizations for transparency. Ongoing attack used for planning further attacks. Assistance provided to mitigate risks.

Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack

A supply chain attack on Polyfill.io affected 100,000+ websites, redirecting mobile users to a betting site. Security measures like link rewriting and integrity checks are advised to mitigate risks in web development.

Microsoft tells yet more customers their emails have been stolen

Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.

7 comments
By @throw156754228 - 4 months
>Our internal security team immediately launched an investigation to help determine what the aim of the attack was,

To steal people's crypto?

By @chrisandchris - 4 months
I'm mostly surprised by the number of subscribers

> The threat actor exported the blog mailing list email addresses, which was a total of 3759 email addresses.

3700 addresses doesn't seem like that much at all.

By @acjohnson55 - 4 months
It doesn't seem to say how the mailing list was hacked and why we shouldn't be concerned about their overall security practices.

By @ChilledTonic - 4 months
Off the cuff thought, but I wonder if the early days of modern banking were marred with such blatant fraud and deceit.

I think of stage coach robberies of US bonds, and the various bank “rug-pulls” (to use crypto fraud nomenclature) that occurred before the Coinage act of 1857 - but it’s such distant history it’s hard to find how people felt about it at the time.

What I’m getting at is this - is crypto fraud innate to its very essence, or did all “advancements” in banking technology have the same problem before everyone settled in and “got used” to attempts at fraud?

By @Simon_ORourke - 4 months
What I take from reading this, is that only 35k folks are interested in Ethereum.