The Ethereum Foundation has identified a serious security breach involving its official email system managed through third-party service provider SendPulse. Tim Beiko, a prominent member of the Ethereum Foundation, sent out a warning to social media platform This breach exposed subscribers to phishing attempts designed to mimic official communications from the Foundation.
Ethereum Foundation Issues Urgent Fraud Alert
The breach was first revealed by Tim Beiko, who posted a warning message to X. “PSA: The mailing list provider used by EF for ‘updates@ethereum.org’ appears to be compromised,” Beiko said. He immediately advised me not to click on any links in emails purporting to be from the foundation. To help you recognize these phishing attempts, Beiko has teamed up with Lido DAO to share examples of scam emails promising an innovative staking platform, with a 6.8% APY for staked ETH variants such as stETH, wETH or ETH. provided falsely.
Phishing emails crafted by attackers are so sophisticated in their approach that they present an attractive investment opportunity. It cited a joint effort between the Ethereum Foundation and Lido DAO, known for its staking services, to introduce a staking platform that supports “best-in-class security” and “100+ integrations” to enhance the staking experience. By offering high returns and leveraging the reputable names of Ethereum and Lido DAO, the emails aimed to trick users into clicking on malicious links that could potentially lead to data theft or installation of malware.
Beiko has since updated the community: “We have confirmed that we can send you an update. “We should have blocked all external access, but we are still checking.” This indicates that the foundation’s IT team has taken steps to regain control of the compromised accounts and is in the process of validating the security measures implemented to prevent further unauthorized access.
The Ethereum Foundation is working with SendPulse to actively investigate the breach to determine the scope and method of the attack. Initial findings indicate that attackers exploited vulnerabilities within the SendPulse security framework to gain unauthorized access to email lists. This incident highlights potential security flaws in the integration of critical communications systems with third-party service providers.
In response to the breach, the Ethereum Foundation issued a correction notice through its official blog and email system instructing users to ignore previous phishing emails and avoid contact with any suspicious links or attachments. The correction email states: “Important: update@ethereum.org is corrupted. Please ignore previous emails,” clearly instructing the community on how to avoid potential security risks associated with the breach.
The Ethereum Foundation advised community members to double-check the authenticity of all communications purporting to be from the Foundation. Users are encouraged to check messages by contacting the organization directly through official channels or by following updates on the foundation’s official social media accounts and website.
Additionally, the community is urged to report any suspicious activity or emails that mimic Foundation communications. This will help reduce the spread of phishing attempts and assist with ongoing investigations.
At press time, ETH was trading at $3,372.
Featured image created with DALL·E, TradingView.com chart