January 23, 2024

Security Alert: Phishing Emails Posing as WalletConnect, Cointelegraph Lead to $580,000 in Victim Losses

Published: January 23, 2024 at 8:37 am Updated: January 23, 2024 at 8:37 am

Edited and fact-checked: January 23, 2024 at 8:37 am

In Brief

Hackers stole $580,000 from victims in a phishing attack, promoting airdrops on email from WalletConnect, Token Terminal and Cointelegraph.

Cybercriminals Target Investors with Phishing Emails, Over $580,000 Lost

Cybercriminals have illicitly acquired more than $580,000 from unsuspecting victims through an ongoing hacking and phishing attack. The attackers are promoting token airdrops and utilizing email addresses that mimic major Web3 and media companies, including WalletConnect, Token Terminal and Cointelegraph.

Cryptocurrency investigator and blockchain sleuth ZachXBT identified a multichain address on his Telegram channel that has accumulated more than $580,000 in stolen cryptocurrency since the delivery of phishing emails.

The address holds a variety of 280 different cryptocurrency tokens, with Ethereum’s native token (ETH) comprising 86% of the wallet’s portfolio, totaling 227 ETH as of the current writing.

Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.

~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7 pic.twitter.com/XoN65HxOYh
— ZachXBT (@zachxbt) January 23, 2024

Open-source cryptocurrency protocol WalletConnect cautioned users on its social media X account, about being aware of the phishing email that encourages users to click on the malicious airdrop link.

The company clarified that the email in question did not originate directly from WalletConnect or any of its affiliates.

We’re aware of an email that appears to have been sent from an email address linked to WalletConnect prompting recipients to open a link to be able to claim an airdrop.

We can confirm that this email was not issued directly from WalletConnect or any WalletConnect affiliates, and… pic.twitter.com/bksAlMnWja
— WalletConnect (@WalletConnect) January 23, 2024

Users of Web3 SocialFi and the antivirus application De.Fi also found themselves under the target of an email campaign promoting a launchpad launch, completed with a link to an airdrop. The attackers have also initiated a fraudulent Token Terminal beta launch, inviting users to claim a fictitious airdrop through a provided button.

The email addresses employed by the attackers are meticulously crafted to deceive recipients, bearing no noticeable distinction from the authentic addresses of the affiliated companies.

Phishing Incidents Escalate in Crypto Community

Phishing is a form of cybercrime where attackers mimic a trusted entity to extract sensitive information from individuals. This deceptive tactic is commonly employed to pilfer confidential data, including login credentials, credit card numbers or other personal information.

This incident is the most recent in a series of phishing attempts conducted via email, specifically targeting cryptocurrency users with the intent of stealing assets or extracting sensitive information.

Recently, the hardware wallet manufacturer Trezor identified a security breach that resulted in the exposure of contact information for almost 66,000 users. At least 41 users reported receiving direct email messages from the attacker, who sought sensitive information related to their recovery seeds. The company quickly notified all 66,000 contacts about the incident through email.

Subsequently, Trezor assured that no recovery seed phrases were disclosed as a consequence of the security breach.

In a separate incident, Bill Lou, co-founder of the security-focused cryptocurrency wallet app Nest, along with other 25,000 users fell victim to a phishing attack when trying to participate in the “less fees and gas” (LFG) token airdrop losing 52 stETH tokens, with an estimated value of $125,000.

A deceptive website mimicking the official LFG token platform was created to fraudulently acquire users’ funds and Bill Lou clicked the link from an article found in a Google search, leading him to the fraudulent website.

As these attacks become more frequent, Metaverse Post emphasizes the importance of investors exercising caution with emails claiming unexpected airdrop announcements.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.

Alisa Davidson