Web3 Company was Hacked

8bz1...QVcw
24 Jan 2024
43

Web3 Company Hacked: $3.3 Million in Assets Stolen

Web3 Email company MailerLite has confirmed that hackers gained access to the accounts of major Web3 companies and perpetrated a phishing email scam that drew an estimated $3.3 million from subscribers. It was among several Web3 companies targeted in the attack that took place on January 23, and emails sent from WalletConnect, Token Terminal, and De Fi's official accounts contained malicious links hosting wallet-draining software.


Hours after the emails were sent to subscribers, MailerLite released details of how its system was compromised via a social engineering attack targeting a customer support employee. The statement included the following statements:

Responding to a customer inquiry through our support portal, the team member clicked on an image that deceptively linked to a fake Google login page.”


The team member then unknowingly authenticated the access, which gave the attackers access to MailerLite's internal admin panel. Hackers gained more control by resetting a specific user's password via the admin panel:

With this level of access, they were able to spoof user accounts. The focus was solely on cryptocurrency-related accounts.” MailerLite revealed that hackers accessed 117 accounts but used only a small portion to launch phishing campaigns. The service provider warned that data of its customers and subscribers had been affected, including their full names, email addresses and personal information uploaded to MailerLite.

MailerLite's support team has yet to provide additional information about the incident, despite it being a major target of phishing email scams. Blockchain data analysis platform Nansen helped estimate the value of funds stolen by attackers. According to the research team, the main phishing wallet saw total inflows of $3.3 million by tracking Nansen-backed blockchain data token flows:

However, $2.6 million of this figure are Xbanking tokens, which appear to be traded only on the Latoken exchange. Nansen's team said in a statement on the subject that $ 2.6 million is 80% of its fully diluted valuation and that it may be difficult to convert it.

By subtracting Xbanking assets from the total stolen funds, Nansen reduces the amount of stolen and more easily convertible funds to $700,000. A detailed thread from an anonymous user on Reddit provided a similar estimate of the total funds stolen by the incident. Nansen confirmed the findings, which included mention of XB tokens.


I was also partially affected by this attack. An email arrived from the DeFi company working with MailerLite. I did not open the links because the content was a bit suspicious. When I contacted reliable sources, I realized that there was an attack.



Please do not click on links that you do not trust or are unsure of. Stay safe.


Write & Read to Earn with BULB

Learn More
Enjoy this blog? Subscribe to Hacker

2 Comments

B
No comments yet.
Most relevant comments are displayed, so some may have been filtered out.