Bitcoin
Newsletter Attack Leaves Crypto Firms on Alert
In an innovative scheme, cybercriminals attacked a major newsletter distribution platform that serves several crypto platforms, including exchanges and crypto analytics platforms. CoinGecko co-founder and COO Bobby Ong confirmed that there was indeed a breach on the platform from an undisclosed third-party newsletter distributor.
He said: “We at CoinGecko could potentially be affected and are actively working with our vendor to further investigate and determine the extent of this breach. We have seen CoinGecko phishing emails being sent from other customer accounts. There is no CoinGecko token in the works, so don’t be fooled by the phishing emails.”
Cybercriminals are allegedly using this newsletter platform to launch phishing attacks by sending corrupted links to those who subscribe to newsletters from various crypto platforms. Clicking the link may take users to a page controlled by the scammers, requesting login information through pages that appear identical to the platforms they use. Users will essentially provide their credentials to the scammers by entering their details.
Otherwise, users may receive a request to connect their online wallets. Accepting it may trigger asset transactions from your wallets to the scammer’s wallet. This particular scam is called a supply chain attack because the cybercriminal is attacking a third-party platform/service to gain access to their customer’s user base.
Tether CEO Paolo Ardoino took to X to confirm the same breach, warning users to stay away from any links, especially those indicating air dumps. He also refrained from naming the newsletter distributor until investigations surrounding this matter were completed.
We have now received two independent confirmations that a key vendor used by crypto companies to manage email lists may have been compromised.
We are not releasing names yet until the investigation is complete, but beware of any emails suggesting crypto airdrops received within 24 hours…
— Paolo Ardoino 🤖🍐 (@paoloardoino) June 5, 2024
With countless frauds occurring daily in the crypto world, this seems to take the cake for being the most innovative in recent times. Users are requested to protect their assets and not click on suspicious links and anything they receive from their subscribed newsletters. This should be the practice for now, until updates emerge regarding the newsletter platform that successfully neutralized the attack.
Image by Fernanda Arcos in Pixabay