Updated 14:45 UTC, Jan 23: Added Hudson Rock report information

Scammers have stolen over $580,000 from unsuspecting victims in an ongoing hacking and phishing attack using email addresses of major Web3 companies, including Cointelegraph, WalletConnect and Token Terminal.

Cointelegraph contacted the affected parties to ascertain how the attackers used official email addresses to send malicious links. It is understood that email service provider MailerLite has allegedly been hacked and the company has confirmed that it is investigating the issue. 

Screenshot of a phishing email from the ongoing campaign. Source: ZachXBT

Cryptocurrency investigator ZachXBT flagged a multichain address on his Telegram channel that has amassed over $580,000 of stolen cryptocurrency since the phishing emails were delivered.

The address contains a mix of 280 different cryptocurrency tokens, with Ether (ETH) making up 86% of the wallet’s portfolio, amounting to 227 ETH at the time of writing.


WalletConnect also warned users on X (formerly Twitter) that it is aware of the phishing email prompting users to click the malicious airdrop link.

Users of Web3 SocialFi and antivirus app De.Fi are also being targeted by an email promoting a launchpad launch, including a link to an airdrop. The attackers also announced a fake Token Terminal beta launch featuring a button to claim a fictitious airdrop.

WalletConnect COO Jess Houlgrave told the publication that the attackers were using the company's actual email address to send out phishing emails and that it is also in contact with MailerLite.

According to a report from cybersecurity platform Hudson Rock, its researchers identified a copy of a CRYPTBOT Infostealer malware program on a computer belonging to a MailerLite employee. Hudson Rock claims that this malware program may have been used to gain access to MailerLite’s servers, which would then have been used to steal data to be used in further attacks.

Cointelegraph, which also uses MailerLite as a mail service provider, is awaiting further details from the company on how the attackers allegedly managed to make use of official email addresses.

Token Terminal and De.Fi have not yet responded to requests for comment. Information supplied by Web3 security firm Blockaid indicates that the attackers used wallet-draining software Angel Drainer, also used in the high-profile Ledger Connect Kit attack in December 2023.

Investors should always be cautious when interacting with emails claiming unexpected airdrop announcements.
