- Leading platforms sent out emails with malicious links containing wallet-draining apps
- MailerLite’s system was compromised via a social engineering attack
Email marketing company MailerLite confirmed that hackers had gained access to the accounts of several leading Web3 companies and used them to send phishing emails, stealing around $3.3 million from users in the process, Cointelegraph reported. Cointelegraph itself was among the victims.
Email system was compromised
Token Terminal, WalletConnect, and other leading platforms sent out emails with malicious links containing wallet-draining apps. This became possible because MailerLite’s system was compromised via a social engineering attack aimed at a staff member.
The company stated that an employee had clicked on an image linked to a fake Google sign-in page while answering a customer’s question via the support portal. This enabled the attackers to infiltrate MailerLite’s internal admin panel. The attackers then reset a user password in the panel, gaining further control.
Focus was on crypto accounts
MailerLite added that the attackers had been solely focused on crypto-related accounts. Of the 117 they accessed, only a few were used to launch phishing campaigns. By that time, the company had warned its users that their personal data was affected, including full names and email addresses.
Mainly Xbanking tokens were stolen
Blockchain analytics platform Nansen estimates that the cybercriminals stole $3.3 million. However, the vast majority of the funds ($2.6 million) was Xbanking tokens, which are not particularly liquid and are only exchanged on Latoken via CoinGecko.
The more liquid funds stolen only amount to around $700,000, Nansen estimates.
An anonymous Reddit user started a detailed thread and reached a similar estimate of the total funds stolen in the attacks. He also mentioned that mostly XB tokens had been stolen.
Scammers used Railgun to hide transfer
Nansen and the Reddit post both drew attention to the fact that the scammers used the privacy protocol Railgun to hide the transfer of the stolen crypto. Railgun is a privacy protocol running on top of the Ethereum Mainnet, Polygon, BNB Chain, and Arbitrum. It uses zk cryptography to let people use smart contracts and DeFi protocols privately.