Ethereum core developer Tim Beiko reported that the Ethereum Foundation’s mailing list was leaked due to a vulnerability in SendPulse, the email automation service used by the foundation.
An attacker exploited this to send phishing emails from updates@ethereum.org to subscribers.
The foundation has since restricted access to the mailing list, according to the latest update by Bieko, who further urged users not to click any links sent from that email.
“PSA: it seems like the mailing list provider the EF uses for “updates@ethereum.org” has been compromised. We are currently trying to reach @SendPulseCom to resolve the issue. Please don’t click any links sent from that email. “
Users, too, confirmed receiving fraudulent emails.
Phishing attacks have become increasingly common. Last year, the X account of Ethereum co-founder Vitalik Buterin was hacked by scammers who posted a fake NFT giveaway prompting users to click a malicious link, resulting in victims losing around $800,000.
Buterin later confirmed that the hack was the result of a SIM swap attack.
More recently, cryptocurrency portfolio tracker CoinStats disclosed that it had experienced a phishing attack affecting 1,590 cryptocurrency wallets, which represented 1.3% of all its wallets. As a result, the company temporarily shut down its application.
Additionally, SlowMist founder Yu Xian revealed that the TON blockchain ecosystem had become an appealing target for phishing attacks due to its explosive surge this year.
The exec explained that Telegram accounts that were opened using anonymous numbers are more prone to such attacks.
The post Ethereum Foundation’s Mailing List Leaked: Vulnerability in SendPulse Flagged appeared first on CryptoPotato.
from CryptoPotato https://ift.tt/Fc23wlS