Ethereum Foundation Reports Phishing Incident Affecting Mailing List

The Ethereum Foundation has reported a significant phishing incident that compromised its mailing list. According to the Ethereum Foundation Blog, the attack occurred on June 23, 2024, at 00:19 AM UTC. A phishing email was sent to 35,794 email addresses from the email address updates@blog.ethereum.org.

Details of the Phishing Attack

The phishing email directed recipients to a malicious website designed to drain cryptocurrency wallets. Users who clicked the link and signed the transaction on the site had their wallets compromised. The Ethereum Foundation's internal security team promptly initiated an investigation to identify the attacker, understand the attack's objectives, and assess the impact.

Immediate Security Measures

In response to the attack, the Ethereum Foundation took several immediate actions:

• Blocked the attacker from sending further emails.
• Issued warnings via Twitter and email advising users not to click the phishing link.
• Closed the access path exploited by the attacker to breach the mailing list provider.
• Submitted the malicious link to various blacklists, resulting in its blockage by most web3 wallet providers and Cloudflare.

Investigation Findings

The investigation revealed that the attacker had imported a large email list into the mailing platform for the phishing campaign. Additionally, the attacker exported 3,759 email addresses from the Ethereum blog mailing list. A comparison of the imported and exported lists indicated that 81 email addresses were previously unknown to the attacker, while the rest were duplicates.

On-chain transaction analysis showed no funds were lost during this specific phishing campaign. The Ethereum Foundation has since migrated some mail services to other providers to mitigate future risks.

Ongoing Efforts

The Ethereum Foundation expressed regret over the incident and emphasized its commitment to working with internal and external security teams to further investigate and address the breach. Users with questions are encouraged to contact the foundation at security@ethereum.org.