A recent phishing campaign is rocking the cryptocurrency ecosystem. On-chain investigator ZachXBT reports that high-profile projects such as WalletConnect, Token Terminal and De.Fi have been targeted. Fraudulent emails impersonating them seek to steal victims' funds. According to ZachXBT, almost $600,000 has been siphoned off.
The companies affected by this phishing campaign alerted their users via their official channels. According to De.Fi, the vulnerability originated in Mailer Lite, a messaging service used by the entities concerned. "We are transferring our databases to another provider to strengthen security", says De.Fi.
Collaboration between @samczsun and the MetaMask teams enabled the fraudulent domain name to be blacklisted. This action is designed to limit the risks for users likely to interact with these emails. An extract from the fraudulent Token Terminal email sets the tone: "We are delighted to share some exciting news with you...".
Victims who click on the fraudulent link and connect their wallet, such as MetaMask, find themselves trapped. The site promises a fictitious airdrop, but the connected wallets are emptied by malicious code. Although the approach seems obvious, the authenticity of the email addresses makes the scam more credible.
Similarities have been noted between this attack and the Ledger Connect Kit attack. Blockworks and Blockaid have identified the same malicious code used in both cases. The threat of these phishing attacks could extend to other Web3 companies.
While ZachXBT estimates the amount stolen at around $600,000, the scammer's address currently shows $2.7 million, suggesting involvement in other scams.
It is crucial to exercise extreme caution when connecting wallets to sites, as a single approval can result in considerable losses.