Lido Staking Scam Compromises Ethereum Foundation Email
On June 23, the Ethereum Foundation announced that its email account, used for updates, had been hacked in a phishing scam. Fortunately, the foundation has regained control of the account and has put an end to the distribution of malicious emails.
In a recent blog post, the foundation provided details about how the phishing scam targeted over 35,000 individuals, including subscribers, through the official email address. While no cryptocurrency losses were detected, the email addresses of 81 subscribers may have been compromised.
The phishing emails enticed recipients with a false partnership between the Ethereum Foundation and LidoDAO, promising an appealing 6.8% annual return on staked cryptocurrency, such as Ether, Wrapped Ether, or staked Ether.
To give the scam credibility, it falsely claimed that the staking process was “Protected and Verified by The Ethereum Foundation.”
The fraudulent email contained a malicious link. Clicking it would not by itself steal the user’s crypto; instead, the linked website discreetly ran a program in the background that aimed to drain their wallet. Funds would be stolen only if users connected their crypto wallet to the website and completed the requested transaction, believing it to be legitimate.
Further investigation into the attack revealed that the attackers utilized both their own email list and email addresses stolen from the Ethereum Foundation’s mailing list. They managed to obtain 81 email addresses that were not already on their list.
While phishing scams continue to target cryptocurrency users, there has been a notable decline in overall cryptocurrency hacks in June. According to data from PeckShield, losses dropped to $176 million, a significant decrease compared to the $385 million stolen by hackers in May.