Crypto community raises alarms as MailerLite falls prey to a phishing attack, losing over $600,000 and exposing subscriber data.
The exploit took advantage of a vulnerability in MailerLite, draining an estimated $3.3 million from unsuspecting subscribers.
Prominent crypto entities, including CoinTelegraph and WalletConnect, were targeted in the attack, impacting 117 accounts.
MailerLite discloses the breach, attributing it to a social engineering attack on a customer support employee.
Blockchain analysis reveals that over $580,000 can be directly linked to the MailerLite phishing scam.
Details:
MailerLite, the email marketing platform, recently suffered a phishing attack, leading to a loss of over $600,000 and exposing subscriber data. Web3 security firm Blockaid uncovered a vulnerability in MailerLite that allowed hackers to mimic legitimate emails from major Web3 companies, draining an estimated $3.3 million from unsuspecting subscribers.
The attackers exploited MailerLite’s prior authorization to send emails on behalf of prominent crypto organizations, creating deceptive emails that appeared genuine. Entities such as CoinTelegraph, WalletConnect, Token Terminal, and De.Fi were among those targeted.
After the attack, MailerLite promptly disclosed the breach details, attributing it to a social engineering attack on a customer support employee. The attackers gained access to 117 accounts connected to the mailing service, using major Web3 players as conduits for phishing attacks.
Cybersecurity analysts traced over $600,000 in stolen funds, with a portion passed through the privacy protocol Railgun to obscure the money trail. Blockchain analysis revealed that over $580,000 could be directly linked to the MailerLite phishing scam. Nansen, a blockchain analytics firm, reported total inflows of $3.3 million into the main phishing wallet, with $2.6 million represented by XBANKING tokens.
The attackers initially exploited a MailerLite employee through a social engineering attack, gaining access to the internal admin panel. This allowed them to reset passwords, impersonate user accounts, and specifically target cryptocurrency-related profiles.
MailerLite acknowledged that 117 accounts were accessed during the breach, with compromised data including full names, email addresses, and personal information. The attack used a technique known as “dangling DNS”: DNS records that customers had pointed at MailerLite stayed active after those customers closed their MailerLite accounts, and the attackers exploited them.
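A defender can catch dangling records like these by comparing a zone export against the list of email vendors whose accounts are still open. The sketch below is an added example, not code from MailerLite or Blockaid; the zone contents, the provider domains (`esp-a.example`, `esp-b.example`) and the choice of CNAME and SPF records as the delegating record types are assumptions made for illustration.

```python
# Constructed sample zone export; every name here is hypothetical.
ZONE = """\
news.example.org.            CNAME  track.esp-a.example.
k1._domainkey.example.org.   CNAME  dkim.esp-a.example.
example.org.                 TXT    "v=spf1 include:_spf.esp-a.example include:_spf.esp-b.example ~all"
mail.example.org.            CNAME  track.esp-b.example.
www.example.org.             A      192.0.2.10
"""
# Vendor inventory (assumed): provider domain -> is our account still open?
VENDORS = {"esp-a.example": False, "esp-b.example": True}

def parse_zone(text):
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and zone-file comments
        name, rtype, value = line.split(None, 2)
        records.append((name.rstrip(".").lower(), rtype.upper(), value.strip()))
    return records

def delegated_hosts(rtype, value):
    # Hostnames this record hands control or sending authority to.
    if rtype == "CNAME":
        return [value.rstrip(".").lower()]
    hosts = []
    if rtype == "TXT" and "v=spf1" in value.lower():
        for term in value.strip('"').lower().split():
            term = term.lstrip("+-~?")  # drop the SPF qualifier
            for prefix in ("include:", "redirect="):
                if term.startswith(prefix):
                    hosts.append(term[len(prefix):].rstrip("."))
    return hosts

def provider_of(host, vendors):
    # Match the host itself or any subdomain of a known provider domain.
    return next((d for d in vendors if host == d or host.endswith("." + d)), None)

def find_dangling(zone_text, vendors):
    # Report records that still delegate to a provider whose account is closed.
    findings = []
    for name, rtype, value in parse_zone(zone_text):
        for host in delegated_hosts(rtype, value):
            domain = provider_of(host, vendors)
            if domain and not vendors[domain]:
                findings.append((name, rtype, host))
    return findings

if __name__ == "__main__":
    for name, rtype, host in find_dangling(ZONE, VENDORS):
        print(f"STALE {rtype:5} {name} -> {host} (account closed, remove record)")
```

Each finding is a record to delete as part of vendor offboarding; records for vendors still in use are left alone.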
This multi-stage attack underscores the importance of cybersecurity measures to protect against social engineering and phishing threats. The industry awaits further updates from MailerLite on security enhancements to prevent future incidents.