Ethereum Foundation’s email hacked to promote bogus Lido staking scam

As an experienced analyst in the cryptocurrency space, I’ve seen my fair share of security breaches and scams. The recent incident where the Ethereum Foundation’s email account was hacked to promote a fake Lido staking scheme is a stark reminder of the constant threat that exists in this industry.


As an analyst, I would put it this way: I came across information indicating that the Ethereum Foundation’s email account was compromised and used to disseminate a fraudulent message, disguised as a Lido staking opportunity.

A recent announcement revealed that the Ethereum Foundation’s email account, which is utilized for sending official communications, was hacked on June 23rd.

The attackers used the [email protected] email address to send scam emails to 35,794 addresses.

In the email, users encountered information about a new collaboration between the Ethereum Foundation and Lido Decentralized Autonomous Organization (LidoDAO). As a result of this alliance, users were able to earn a yield of 6.8% on their staked Ether (stETH), Wrapped Ether (WETH), or regular Ether through LidoDAO.

ETH deposits were being offered.

“Through teaming up, these organizations leverage their unique capabilities to provide significant liquidity and attractive returns for you, enriching your staking journey with over a hundred integrations.”

Additionally, the statement noted that the Ethereum Foundation would ensure the security and authenticity of the staking service.

As a crypto investor, when I reached the end of the announcement, my eyes were drawn to a “Start Staking” button nestled at the bottom. Curiosity piqued, I clicked it without a second thought. Little did I know, this seemingly innocuous action would redirect me to a maliciously designed website set up by the attackers.

Ethereum Foundation’s email hacked to promote bogus Lido staking scam

As a diligent researcher, I’ve come across a malicious site referred to as “Staking Launchpad.” This deceptive platform reportedly concealed a hidden crypto drainage tool. Surprisingly enough, it boasted a sleek and expertly crafted design to mislead unsuspecting users.

Ethereum Foundation’s email hacked to promote bogus Lido staking scam

Pressing the “Stake” button on the site will prompt users to confirm the transaction in their digital wallets. Once confirmed, all funds from their account will be transferred out.

No funds lost

Based on the information available at this moment, I have taken possession of the hacked email account as reported by the foundation. According to their investigation, there was no monetary loss incurred during the cyberattack.

The foundation observed that there were no reported fund losses among victims from on-chain transactions linked to the threat actor’s emails during the period when the malicious domain was still active.

I uncovered the fact that an intruder had inserted a database into the Foundation’s system, which included email addresses that did not belong to their subscriber base. Consequently, some individuals who hadn’t signed up for the Foundation’s mailing list received the fraudulent email.

The intruder exported a list of “email addresses associated with the blog,” totaling 3,759 entries. Yet, this list held merely 81 unique addresses, while the remainder consisted of “repeated email addresses.”

As such, it was estimated that the attack compromised the email addresses of 81 subscribers.

In addition, the foundation has contacted various wallet services, blocklists, and DNS service Cloudflare, asking them to alert users should they be directed to a harmful website.

The cryptocurrency industry is no stranger to phishing schemes via email. 

Around the beginning of June, various influential individuals in the crypto world issued warnings about a major email provider potentially being hacked, with users subsequently receiving fraudulent messages advertising bogus airdrops. Before this incident, the email accounts of several notable crypto-related organizations had been exploited to send phishing emails.

Read More

2024-07-03 13:32