Email marketing firm MailerLite recently fell victim to a security breach that led to a phishing attack on several prominent Web3 companies. Cointelegraph was among the targeted entities. The attack took place on January 23 and involved phishing emails sent from the official accounts of well-known platforms such as WalletConnect, Token Terminal, and De.Fi. The malicious emails contained links that directed recipients to harmful websites designed to drain cryptocurrency wallets.
Following the incident, MailerLite promptly released details of the security breach and how it occurred. The attackers used social engineering against a customer support employee. While responding to a customer inquiry via the support portal, the employee clicked on an image that was deceptively linked to a fraudulent Google sign-in page. Without realizing it, the employee thereby authenticated the attackers' access, which gave them control of MailerLite’s internal admin panel. The attackers then consolidated that control by resetting a specific user’s password through the admin panel.
Although the attackers gained access to 117 accounts, they used only a small number of them to launch phishing campaigns. MailerLite cautioned that the data of its clients and subscribers was compromised, including full names, email addresses, and other personal information uploaded to the MailerLite platform.
In estimating the value of funds stolen by the attackers, blockchain analytics platform Nansen reported that the main phishing wallet received a total of $3.3 million. However, $2.6 million of this amount consisted of Xbanking tokens, which have lower liquidity and may be challenging to convert. Subtracting the Xbanking tokens, Nansen estimated that the more easily convertible funds stolen amounted to $700,000.
A detailed analysis on Reddit by an anonymous user aligned with Nansen’s findings, emphasizing the use of the privacy protocol Railgun by the attackers to obfuscate the transfer of stolen tokens. Railgun is a privacy solution deployed directly on-chain for various blockchain networks, utilizing zero-knowledge cryptography to enable private interactions with smart contracts and decentralized finance protocols.
The incident not only highlights the vulnerability of Web3 companies but also underscores the importance of implementing robust cybersecurity measures within the decentralized ecosystem. As the adoption of blockchain technology and cryptocurrencies continues to grow, ensuring the security and protection of user data remains a paramount concern.