Security News > 2024 > July > Ethereum mailing list breach exposes 35,000 to crypto draining attack
A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer.
Ethereum disclosed the incident in a blog post this week and said that it had no material impact on users.
Ethereum says that the threat actor used a combination of their own email address list and an additional 3,759 exported from the platform's blog mailing list.
The message lured recipients to the malicious website with an announcement of a collaboration with Lido DAO and invited them to take advantage of a 6.8% annual percentage yield on staked Ethereum.
The attacker was quickly blocked from sending more emails and Ethereum took to Twitter to notify the community about the malicious emails, warning everyone not to click the link.
Brothers arrested for $25 million theft in Ethereum blockchain attack.