MailerLite has confirmed reports that hackers gained access to customers’ accounts, leading to a calculated crypto phishing exploit targeted at popular web3 firms.
On Jan 23, the email marketing company released a detailed explanation of the events leading up to the hack and subsequent phishing attacks on web3 firms. The attack led to approximately $3.3 million in crypto assets drained from users.
“Today on January 23rd, 2024, at 7:52 am UTC time MailerLite, providing email marketing services to you became aware of a cyber security incident that happened on January 23rd, 2024 at 00:11 AM UTC time that affected several accounts in the cryptocurrency sphere.”
The firm said that once it became aware of the incident, it blocked the bad actor’s method of entry and resolved all issues, and that it can confirm the breach was “fully stopped.”
Hackers Target 177 Accounts
According to the firm’s internal investigation, the hackers’ point of access was a customer support team member who clicked on an image while responding to an inquiry.
The image linked to a fraudulent Google sign-in page, where the team member authenticated the process through a mistaken phone confirmation, leading to the broader breach in the admin panel.
Per the report, the hackers took it further by executing a password reset in the admin panel for the impersonated user email accounts. What’s more, only cryptocurrency-related accounts were targeted.
The incident that rocked crypto spaces saw a total of 177 MailerLite accounts impacted, although the phishing campaign targeted a small number of companies.
“This breach underscored the need for heightened vigilance and robust security protocol, especially in handling seemingly routine support interactions,” the company added.
Blockchain security firm Blockaid revealed earlier that MailerLite was compromised.
Today, Blockaid researchers discovered a phishing attack where an attacker was able to leverage a vulnerability in email service provider Mailer Lite to impersonate web3 companies, draining $600k+. Blockaid instantly protected millions of users and was able to safeguard $2.7M.
— Blockaid (@blockaid_) January 23, 2024
$3.3 Million Drained in Crypto Phishing Attacks
On Jan 23, cryptocurrency hack investigator ZachXBT posted on X (formerly Twitter) about an ongoing phishing campaign targeted at web3 firms including WalletConnect, De.Fi, Token Terminal, Cointelegraph, etc.
Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.
~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7
— ZachXBT (@zachxbt) January 23, 2024
Initially, the bad actors stole $580,000 in digital assets by sending malicious links through emails that claimed community airdrops had been rolled out to reward users.
The affected platforms immediately sent out disclaimers warning the community not to interact with the links, and promised to resolve the issues after carrying out investigations.
The incident sparked a wider conversation about the safety of cryptocurrencies and the use of airdrops to target users on social media spaces as phishing numbers surge.
The flagged wallet address contained about 280 ETH and the total amount drained from users is now estimated at $3.3 million.
An analysis conducted by crypto users and analytics firm Nansen shows $3.3 million in inflows to the wallet, but reveals that $2.6 million is held up in XBanking tokens, leaving the rest at $700,000.