Over 35,000 Ethereum community members were exposed to a phishing attack after a threat actor compromised the project’s mailing list provider.

According to an official blog post, the attacker leveraged a combination of their own email list and a separate list exported from the Ethereum blog platform.

The phishing emails, disguised as an update from Ethereum itself, promised high returns through a fake collaboration with Lido DAO. Clicking the malicious link within the email would have directed users to a fraudulent website designed to steal their cryptocurrency.

Fortunately, the incident appears to have been contained with minimal impact on users. Ethereum reports that only a small number of the leaked addresses (around 80) were previously unknown to the attackers, suggesting the rest may already have been targeted through other means.
