About $580,000 has been drained following a calculated phishing campaign targeting at least four web3 firms’ email addresses.
Digital asset scam detective, ZackXBT commented on the developments on X (formerly Twitter). He flagged several emails sent out in a calculated attempt to appear to be from web3 firms including WalletConnect, Token Terminal, CoinTelegraph, and DeFi.
Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.
~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7 pic.twitter.com/XoN65HxOYh— ZachXBT (@zachxbt) January 23, 2024
The phishing emails sent from accounts that resemble those of the companies contained fake links. The links lured users mostly in anticipation of community airdrops leading to asset losses of half a million dollars.
The address 0xe7D13137923142A0424771E1778865b88752B3c7 was flagged by the investigator adding that approximately $580,000 has been stolen so far. The platforms impersonated in the emails quickly released statements warning users not to interact with those links.
Token Terminal and Wallet Connect targeted
On Jan 23, bad actors targeted Token Terminal claiming to be rolling out an early access airdrop with a link that led to the scammers gaining assets to user funds.
“We are on the verge of unveiling the better version of Token Terminal and we want you to be among the first to Explore its unique features and capabilities. To express our gratitude for your continued support we’ve decided to celebrate this milestone With a special airdrop exclusively for our community members.”
The platform immediately sent out a disclaimer on X that it is not real and will open an investigation following up with the community shortly.
WalletConnect’s scenario also follows a similar pattern with claims of a rare opportunity to join something extraordinary to elevate their cryptocurrency experience to new heights.
The platform notified users of the scammers’ plot urging users not to interact with the phishing links to claim an airdrop adding that it would conduct an investigation.
“We can confirm that this email was not issued directly from WalletConnect or any WalletConnect affiliates and that the link appears to lead to a malicious site. We are working with @blockaid_ to investigate further.”
De.Fi users were hit with the same email pattern claiming to reward users towards their decentralization journey stating that the future of DeFi is in the hands of the community.
The event with fake emails earlier today was caused by an issue of @MailerLite – our mail service provider.
Unfortunately, it seems like MailerLite was also used by WalletConnect, Cointelegraph & Token Terminal which have also become victims of this.
💙 Appreciate the quick… https://t.co/HV92Eb699n pic.twitter.com/RnsPnM9HlJ
— De.Fi 2.0 (@DeFi) January 23, 2024
“We have identified suspicious activity associated with our [email protected] email. Please do not interact with this email address until further updates! Our team is currently working on resolving all issues.”
Phishing Incidents Rampage the Crypto Space
Last year, wallet drainers exploited over $300 million from about 324,000 victims through phishing scams raising broader concerns about the safety of the digital asset community.
Cryptonews published a ScamSniffers report on the growing rate of phishing scams that target official social media accounts of crypto companies and personalities to spread compromised links.