MailerLite, an email marketing tool and website builder for businesses, recently disclosed an incident in which hackers managed to gain control of a select number of Web3-related email accounts.
They did this by targeting a customer service employee with social engineering. Social engineering is a manipulation technique in which attackers deceive people into divulging confidential information or granting access they should not.
In this case, by exploiting the customer service employee, the hackers managed to gain access to accounts of well-known Web3 companies. They utilized those accounts to send phishing email scams, ultimately stealing approximately $3.3 million from subscribers.
Another surprising aspect of the news was that Cointelegraph, a prominent online media platform that focuses on providing news, analysis, and information related to blockchain technology, cryptocurrencies, and the broader decentralized finance (DeFi) space, was also targeted in the attack, along with other Web3 based companies.
MailerLite provides details of the incident
The hack took place on 23 January 2024, when the attackers sent emails from the official accounts of WalletConnect, Token Terminal, and De.Fi. The emails contained malicious links leading to software programmed to drain wallets.
WalletConnect is a secure communication protocol that allows mobile wallets to connect to decentralized applications (dApps) across different blockchains. It acts as a bridge between your crypto wallet and various DeFi platforms.
Token Terminal is a data analytics platform specifically designed for the DeFi space. It provides users with in-depth insights and metrics on various DeFi protocols, tokens, and projects, helping them make informed investment decisions.
De.Fi provides tools to help users manage their crypto assets and DeFi investments. These tools include a DeFi portfolio tracker, a crypto wallet antivirus, and a security scanner.
Scammers sent emails impersonating these entities to steal cryptocurrency from unsuspecting users.
It took some hours before MailerLite could work out what was happening with the compromised accounts. They later issued a statement explaining that their system had been breached through social engineering targeting a customer support employee.
The statement read: “The team member, responding to a customer inquiry via our support portal, clicked on an image deceptively linked to a fraudulent Google sign-in page. The staff member unknowingly verified access, allowing the attackers entry to MailerLite’s internal admin panel. The hackers extended their control by resetting a particular user’s password using the admin panel. With this level of access, they could impersonate user accounts. The focus was exclusively on cryptocurrency-related accounts.”
The email marketing tool company also revealed that the hackers accessed 117 accounts but used only a limited number to carry out phishing attacks. Regrettably, the firm also revealed that the data of several of its clients and subscribers, including full names, emails, and personal information provided to MailerLite, has been compromised.
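The statement above describes a chain that leaves a trace in an admin-panel audit log: a support user resets another account's password, and minutes later that account logs in and sends a campaign from the same source address. The following is an added example, not MailerLite's code or log format; it constructs a hypothetical key=value audit log and flags admin-initiated resets that are followed by activity from the reset account within a short window, recording whether the follow-up came from the same IP as the admin session.

```python
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Constructed audit log in a hypothetical "ISO-timestamp key=value ..." format.
# The real admin-panel log format is not described on the page.
SAMPLE_LOG = """
2024-01-23T09:00:00 actor=support_alice action=admin_login target=- ip=198.51.100.7
2024-01-23T09:05:00 actor=support_alice action=password_reset target=acct_web3_news ip=198.51.100.7
2024-01-23T09:07:00 actor=acct_web3_news action=login target=- ip=198.51.100.7
2024-01-23T09:12:00 actor=acct_web3_news action=campaign_send target=- ip=198.51.100.7
2024-01-23T11:00:00 actor=support_bob action=password_reset target=acct_bakery ip=203.0.113.5
2024-01-24T08:00:00 actor=acct_bakery action=login target=- ip=192.0.2.44
""".strip().splitlines()


class Event(NamedTuple):
    ts: datetime
    actor: str   # account that performed the action
    action: str  # admin_login | password_reset | login | campaign_send
    target: str  # account acted upon (password_reset), otherwise "-"
    ip: str


def parse_line(line: str) -> Event:
    """Parse one 'ISO-timestamp key=value ...' audit line into an Event."""
    ts_str, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Event(datetime.fromisoformat(ts_str), fields["actor"],
                 fields["action"], fields.get("target", "-"), fields["ip"])


def find_reset_then_impersonation(lines: List[str],
                                  window: timedelta = timedelta(minutes=30)) -> List[Dict]:
    """Flag password resets performed by someone other than the account owner
    that are followed, within `window`, by a login or campaign send from the
    reset account. A source IP shared between the admin session and the
    follow-up activity is recorded as a stronger signal of impersonation."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    alerts = []
    for reset in events:
        if reset.action != "password_reset" or reset.actor == reset.target:
            continue  # a user resetting their own password is routine
        follow_ups = [e for e in events
                      if e.actor == reset.target
                      and e.action in ("login", "campaign_send")
                      and reset.ts < e.ts <= reset.ts + window]
        if follow_ups:
            alerts.append({
                "account": reset.target,
                "reset_by": reset.actor,
                "reset_at": reset.ts.isoformat(),
                "actions": [e.action for e in follow_ups],
                "same_ip": any(e.ip == reset.ip for e in follow_ups),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_reset_then_impersonation(SAMPLE_LOG):
        print(alert)
```

On the constructed log, only acct_web3_news is flagged: the reset by support_alice is followed within minutes by a login and a campaign send from the same IP, while acct_bakery's reset is followed by a login a day later from a different address. The window and the same-IP flag are the two knobs a detection team would tune against their own baseline of legitimate support-assisted resets.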
Nansen, a blockchain analytics platform, estimated how much the hackers stole through their phishing attempts. It concluded that approximately $3.3 million worth of funds flowed out of the affected accounts and into the main phishing wallet.
Nansen is known for providing in-depth analytics and data analysis for several blockchains, including well-known names like Ethereum, Solana, BNB, Polygon, and Avalanche. Because of its integration with these blockchains, it could trace how much was stolen.
However, the Nansen team noted that $2.6 million of that total consists of Xbanking tokens, which are primarily traded on the Latoken exchange according to CoinGecko. These tokens appear to be thinly traded, and the stolen amount represents 80% of the token's fully diluted valuation, which would make converting them into other assets difficult.
After deducting the value of Xbanking (XB) tokens from the overall stolen funds, Nansen arrived at a figure of $700,000 that is readily convertible.
A comprehensive Reddit thread by an anonymous user independently arrived at a comparable estimate for the total stolen funds; Nansen's figure agrees with it once XB tokens are included in the calculation.
Nansen and the Reddit post both emphasized that the assailants employed the privacy protocol Railgun to cloak the movement of stolen tokens. Railgun is a privacy-oriented system integrated directly into the Ethereum, BNB Chain, Polygon, and Arbitrum blockchains.
It leverages zero-knowledge cryptography to facilitate confidential interactions within smart contracts and decentralized finance protocols.
The news is another example of why you should educate yourself regarding phishing attempts and how to employ safeguards to protect your funds from outside attacks.