Email addresses belonging to cryptocurrency data and news providers Cointelegraph, WalletConnect, Token Terminal, and De.Fi are sending phishing emails.
In a January 23 Telegram post, anonymous blockchain sleuth ZachXBT warned about emails sent from the companies' legitimate domains. Data collected by blockchain analytics service Arkham Intelligence shows that the address has seen almost all of its activity since January 23, receiving hundreds of transactions. According to Etherscan data, there were 80 transactions on Ethereum (ETH) alone.
To date, $580,000 has been spent.
ZachXBT | Investigation of ZachXBT Telegram Channel
So far, it’s unclear how attackers could send messages that appear to come from the aforementioned organizations. The entity behind the phishing attack may have used several hacking techniques.
One strategy is email spoofing, where an attacker forges email headers to make a message appear to come from a legitimate source. In this scenario, the attacker may have changed the "From" field of the email to mimic the legitimate domains of the companies mentioned. However, modern email services typically prevent this approach unless the attacker compromises the DNS records.
Another plausible method is to compromise the company’s email server. Gaining access to these servers allows attackers to send emails that actually come from corporate addresses. Alternatively, attackers may have accessed individual employee email accounts within these organizations.
This can be done using credentials from phishing, malware, or other data breaches. By taking control of an employee’s email account, an attacker can send emails that appear to come from that individual.
Finally, security breaches in the third-party email service providers used by these companies could also explain this situation. In this case, the attacker would have targeted the service provider rather than the company, allowing emails to be sent from legitimate addresses.
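What separates the first method from the other three is visible in the Authentication-Results header stamped by the receiving mail gateway: a forged "From" fails the domain's authentication checks, while mail sent through a compromised server, mailbox or mail provider passes them. The Python below is an added example, not from the original article or the companies named; the domains, the `TRUSTED_AUTHSERV` value and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our own inbound gateway writes (RFC 8601).
TRUSTED_AUTHSERV = "mx.receiver.example"

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, only from headers our gateway stamped."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, body = str(header).partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can pre-insert this header; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw):
    """Return (From domain, hypothesis label) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = auth_results(msg).get("dmarc")
    if dmarc == "pass":
        # Authenticated as the real domain: a forged header is ruled out, which
        # leaves a compromised server, mailbox or third-party mail provider.
        return domain, "authorised-sender"
    if dmarc == "fail":
        return domain, "spoofed-header"
    return domain, "unverified"  # no verdict we can trust

def make(from_addr, auth_header):
    """Build a constructed sample message with one Authentication-Results header."""
    return (f"From: {from_addr}\nSubject: Claim your airdrop\n"
            f"Authentication-Results: {auth_header}\n\nconstructed body\n")

# Constructed samples, not taken from the campaign described in the article.
VIA_PROVIDER = make("News <noreply@news.example>",
    "mx.receiver.example; spf=pass smtp.mailfrom=bounce.esp.example; "
    "dkim=pass header.d=news.example; dmarc=pass header.from=news.example")
FORGED_FROM = make("News <noreply@news.example>",
    "mx.receiver.example; spf=fail smtp.mailfrom=mailer.invalid; "
    "dkim=none; dmarc=fail header.from=news.example")
INJECTED = make("News <noreply@news.example>",
    "mx.attacker.example; dmarc=pass header.from=news.example")

if __name__ == "__main__":
    for name in ("VIA_PROVIDER", "FORGED_FROM", "INJECTED"):
        print(name, triage(globals()[name]))
```

An "authorised-sender" verdict on a phishing message means filtering on sender authentication alone will not catch it, so detection has to rely on content and link analysis.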
At this time, it is unknown which method the attacker used, or whether any of the methods listed was used at all. Meanwhile, Cointelegraph posted a warning to its readers, and the Etherscan page for the address also included a phishing scam disclaimer.
WalletConnect explained on X that the company is aware of phishing campaigns promoting fake airdrops. The company confirmed that the email was not sent directly by its employees or affiliates, and that it is working with Blockaid, a cryptocurrency hacking prevention service.
While we continue to better understand the situation, we urge anyone who has received this email to not have any contact with it.
WalletConnect | X
Cointelegraph likewise announced in a post that it was "aware of scammers impersonating Cointelegraph." The company reiterated that it does not issue airdrops.
Do not respond to or click on links sent to your DMs/emails by anyone claiming to be part of the Cointelegraph team.
Cointelegraph | X
Token Terminal and De.Fi have also issued similar warnings, with the latter saying that the case involves MailerLite, the mail service provider used by the company. The company explained that other emails were likely sent in the same way.
Unfortunately, MailerLite appears to have also been used by WalletConnect, Cointelegraph, and Token Terminal, which all fell victim to this issue.
DeFi | X