Key Points
- The Ethereum Foundation’s official email account was hacked, leading to a phishing attack on its subscribers.
- The scam involved a fake partnership with LidoDAO and a fraudulent staking scheme.
The Ethereum Foundation (EF) has recently alerted its email subscribers to a phishing attack. The attack was orchestrated by malicious individuals who managed to gain access to the foundation’s official email account. They used this access to send out scam messages, promoting a counterfeit Lido staking program.
The Phishing Scheme
The email account “[email protected]” was compromised on June 23rd. The hackers used it to send scam emails to at least 35,794 recipients. The fraudulent email falsely stated that the Ethereum Foundation had partnered with LidoDAO, a decentralized autonomous organization. According to the scam email, this partnership was behind a supposed staking scheme offering users a substantial 6.8% yield on staked cryptocurrency, including stETH, WETH, or Ethereum (ETH).
The scam email further claimed that this “collaboration” would offer “deep liquidity and competitive rewards” alongside security. It falsely asserted that the staking service was “protected and verified” by the Ethereum Foundation. A “Begin Staking” button was also included in the email, designed to lead users into the scam.
Damage Control by the Ethereum Foundation
To make the scam more convincing, the attackers created a professional-looking website called “Staking Launchpad”. This website was booby-trapped with a drainer that ran in the background, waiting for unsuspecting users who clicked on the staking button. If a user clicked the button, they would be redirected to the fake website and prompted to approve a transaction in their crypto wallet. Granting such approval would have led to the complete removal of funds from their accounts.
However, the Ethereum Foundation has stated that it was able to regain control of the compromised email address before the attack caused significant financial losses. Investigations revealed that the attackers’ attempt did not yield any substantial results: the email hack did not result in any financial loss, but it did expose the email addresses of 81 subscribers who were not part of the original mailing list.
In response to the attack, the Ethereum Foundation has taken proactive measures. It has contacted major wallet providers, blacklisting services, and the DNS provider Cloudflare. The purpose of this collaboration is to warn users and prevent further exploitation through the fake website.