Ethereum Foundation Falls Victim To A Hack: This Happened
The post Ethereum Foundation Falls Victim To A Hack: This Happened appeared on BitcoinEthereumNews.com.
The Ethereum Foundation has confirmed a significant security breach involving its official email system managed through the third-party service provider, SendPulse. Tim Beiko, a prominent figure at the Ethereum Foundation, raised the alarm on the social media platform X, revealing that the “updates@ethereum.org” mailing list had been compromised. This breach has exposed subscribers to phishing attempts designed to mimic official communications from the Foundation. Ethereum Foundation Issues Urgent Scam Warning The breach was initially disclosed by Tim Beiko, who posted a cautionary message on X. “PSA: it seems like the mailing list provider the EF uses for ‘updates@ethereum.org’ has been compromised,” Beiko stated. He immediately advised against clicking any links from emails purportedly sent by the Foundation. To assist in recognition of these phishing attempts, Beiko shared an example of a fraudulent email that promised an innovative staking platform in collaboration with Lido DAO, falsely offering a 6.8% APY on staked ETH variants such as stETH, wETH, or ETH. The phishing email crafted by the attackers was sophisticated in its approach, presenting itself as an enticing investment opportunity. It mentioned a collaborative effort between Ethereum Foundation and Lido DAO, known for their staking services, to introduce a staking platform backed by “best-in-class security” and “over 100+ integrations” aimed at enhancing the staking experience. By offering high returns and leveraging the reputable names of Ethereum and Lido DAO, the email aimed to trick users into clicking on malicious links that could potentially lead to data theft or malware installation. Following this, Beiko updated the community: “Confirming we managed to send out an update. We should have locked down all external access, but still confirming.” This indicates that the Foundation’s IT team had taken steps to regain control of the compromised account and was in the process of validating the security measures…
Filed under: News - @ June 25, 2024 11:26 pm