A threat actor hacked into the Ethereum Foundation’s account via a mailing list platform, and then used an email phishing scam to lift over 35,749 addresses.

The phishing scam originated from the legitimate Ethereum blog email address and contained a malicious link that promoted a Lido scam. According to the Foundation, “This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction request by their website their wallet would have been drained”. The threat actor was able to exploit a vulnerability present to gain access to the platform, and then lift the 3,759 email addresses associated with the Foundation’s blog. From there, the threat actor uploaded their own separate list of emails to be used in the phishing campaign.

Read more:

https://www.securityweek.com/hacked-ethereum-foundation-account-used-to-send-35000-phishing-emails/