The Ethereum Foundation (EF) this week disclosed a phishing campaign that targeted its email subscribers. The attack that took place on June 23, saw a malicious email sent to over 35,794 recipients from the compromised email account of ethereum - "updates@blog.ethereum.org".

The phishing email sent from this address leveraged social engineering tactics, luring users with the promise of a high annual percentage yield (APY) through a fake collaboration between Ethereum and Lido DAO. Clicking the embedded "Begin staking" button led victims to a well disguised website designed to steal cryptocurrency from unsuspecting users' crypto wallets.

Dissecting the Ethereum Mailing List Attack

Investigators discovered the attacker used a combined email list, incorporating both their own addresses and a subset of 3,759 addresses harvested from the Ethereum blog's mailing list. Fortunately, only 81 of the obtained addresses were new to the attacker.

The phishing email advertised a lucrative 6.8% APY on staked Ethereum. Upon clicking the malicious link and attempting to connect their wallets, users would unknowingly initiate a transaction that would drain their crypto holdings straight into the attacker's wallet.

Swift Response and Ongoing Measures

The Ethereum Foundation's security team swiftly responded to the incident. They identified and blocked the attacker from sending further emails, while simultaneously alerting the community via Twitter about the malicious campaign. Additionally, the team submitted the fraudulent link to various blocklists, effectively hindering its reach and protecting users of popular Web3 wallet providers and Cloudflare.

While on-chain analysis revealed no successful thefts during this specific campaign, the EF emphasizes the importance of vigilance. They have implemented additional security measures and are migrating some email services to mitigate future risks.

Similar Incidents

This incident highlights the evolving tactics of cybercriminals who exploit trust in reputable organizations to target cryptocurrency users. In February, crypto scammers devised a new tactic to deceive owners of Ethereum Name Service (ENS) domains, commonly recognized by their “.eth” extension. The ENS email phishing scam involved sending emails to ENS owners, purportedly alerting them about the expiration of their domains. But, as seen in the latest campaign victims were directed to fraudulent platforms designed to siphon their funds.

Security professionals and crypto enthusiasts alike should remain vigilant against phishing attempts and prioritize verifying information before interacting with suspicious links or investment opportunities.

Enlarge (credit: Aurich Lawson | Getty Images)

Linux and its code are made by people, and people are not with us forever. Over the weekend, a brief message on the Linux kernel mailing list reminded everyone of just how much one person can mean to a seemingly gargantuan project like Linux, and how quickly that person can disappear.

Denise Finger, wife of the deceased, wrote to the Linux Wireless list on Friday evening:

This is to notify you that Larry Finger, one of your developers, passed away on June 21st.

LWN.net reckons that Finger, 84, contributed to 94 Linux kernel releases, or 1,464 commits total, at least since kernel 2.6.16 in 2006 (and when the kernel started using git to track changes). Given the sometimes precarious nature of contributing to the kernel, this is on its own an impressive achievement—especially for someone with no formal computer training and who considered himself a scientist.

Read 12 remaining paragraphs | Comments