MailerLite, a Web3 email service provider, confirmed a phishing scam that resulted in hackers accessing accounts of major Web3 companies and stealing an estimated $3.3 million from subscribers. The attack on January 23 targeted several Web3 firms, including WalletConnect, Token Terminal, and DeFi, whose official accounts sent emails containing malicious links with wallet-draining software.
Hours after the emails were sent to subscribers, MailerLite disclosed details of the breach, which occurred through a social engineering attack on a customer support employee. The employee inadvertently clicked on an image linked to a deceptive Google login page, compromising their access credentials.
This breach allowed the attackers to gain further control by resetting a specific user’s password through MailerLite’s internal admin panel. They were able to impersonate user accounts, focusing solely on those related to cryptocurrencies.
MailerLite revealed that the hackers accessed 117 accounts but only used a fraction to initiate phishing campaigns. The service provider warned that customer and subscriber data, including full names, email addresses, and personal information uploaded to MailerLite, were compromised.
While MailerLite’s support team has not provided additional information about the phishing email scam, blockchain data analytics platform Nansen helped estimate the value of the stolen funds. Nansen’s team pointed out that while the main phishing wallet saw $3.3 million in total inflows, $2.6 million appeared to be from Xbanking tokens traded on Latoken exchange. Excluding Xbanking assets, Nansen reduced the estimate of easily convertible stolen funds to $700,000. Both Nansen and an anonymous Reddit user highlighted the use of the Railgun privacy protocol by the attackers to obscure the transfer of stolen tokens.