Several Web3 firms have been impersonated in an ongoing coordinated phishing attack in the crypto community.
According to a tweet by on-chain sleuth ZachXBT, investors have been receiving phishing emails from sources claiming to be from platforms like decentralized applications and crypto wallet bridge provider WalletConnect, full stack on-chain data platform Token Terminal, decentralized finance portfolio tracker De.Fi, and crypto media house Cointelegraph.
Ongoing Coordinated Phishing Attack
Screenshots posted by Zach revealed that all the emails contained offers of fake airdrops to lure users into clicking the action. While the emails were geared toward the same purpose, the scammers gave different reasons for the purported airdrops.
For WalletConnect, the malicious actors claimed the airdrops were part of a “special occasion” to express gratitude to users and community members. Token Terminal users were told the free tokens were part of the celebration of a new milestone: unveiling the platform’s beta version.
On the other hand, the scammers told De.Fi’s users that the airdrop was part of the launch of “innovative staking options” on the platform’s Launchpad, while Cointelegraph is purportedly celebrating its tenth anniversary.
Interestingly, the email addresses used for the phishing attacks have no noticeable difference from the genuine addresses of the impersonated companies. This has caused many victims to fall for the scams. ZachXBT disclosed that over $580,000 had been stolen from users who clicked the links.
Affected Firms Warn Users
As news of the phishing emails has started making the rounds, affected companies have released official statements denying responsibility for the attacks and warning users to refrain from interacting with the airdrop links.
“We’re aware of an email that appears to have been sent from an email address linked to WalletConnect, prompting recipients to open a link to be able to claim an airdrop. We can confirm that this email was not issued directly from WalletConnect or any WalletConnect affiliates and that the link appears to lead to a malicious site,” WalletConnect stated.
Cointelegraph announced it does not issue airdrops, and Token Terminal confirmed the email was fake.
While investigations are ongoing, De.Fi has discovered that the issue stemmed from Mailer Lite, an email service provider also used by other affected companies.
“We are already moving our databases to another provider to ensure further safety of our users,” De.Fi said.