{"id":5301,"date":"2024-11-25T10:47:19","date_gmt":"2024-11-25T09:47:19","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=5301"},"modified":"2024-11-25T10:47:19","modified_gmt":"2024-11-25T09:47:19","slug":"security-breach-the-ethereum-foundation-mailing-list-incident","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/","title":{"rendered":"Security Breach: The Ethereum Foundation Mailing List Incident"},"content":{"rendered":"<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">On 2024-06-23, 00:19\u202fAM UTC, a deceptive email was dispatched to 35,794 email addresses by <span class=\"chakra-text css-ons8vw\">updates@blog.ethereum.org<\/span> containing the following information:<br \/>\n<\/p>\n<p class=\"chakra-text css-gi02ar\">Individuals who clicked the link in the email were redirected to a harmful website:<br \/>\n<img decoding=\"async\" alt=\"\" src=\"https:\/\/storage.googleapis.com\/ethereum-hackmd\/upload_61b8ccf9fbb6ff301133f4a04b81d9fc.png\" class=\"chakra-image css-hw6q2r\"\/><\/p>\n<p class=\"chakra-text css-gi02ar\">This website operated a crypto drainer in the background, and if a user opened their wallet and approved the transaction requested by the website, their wallet would have been compromised.<\/p>\n<p class=\"chakra-text css-gi02ar\">Our internal security group promptly initiated an inquiry to help ascertain who perpetrated the attack, what the intent was, when it occurred, who was impacted, and the methods used.<\/p>\n<p class=\"chakra-text css-gi02ar\">Some of the preliminary measures taken were:<\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Stopped the threat actor from dispatching further emails.<\/li>\n<li class=\"css-cvpopp\">Issued alerts via Twitter and email advising not to click the suspicious link.<\/li>\n<li class=\"css-cvpopp\">Shut down the unauthorized access route utilized by the threat actor to infiltrate the mailing list provider.<\/li>\n<li class=\"css-cvpopp\">Reported the malicious link to several blacklists, resulting in it being blocked by most web3 wallet providers and Cloudflare.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">Our investigation into the incident revealed that:<\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">The threat actor had uploaded their own extensive email list into the mailing list platform for the phishing scheme.<\/li>\n<li class=\"css-cvpopp\">The threat actor extracted the email addresses from the blog mailing list, totaling 3759 addresses.<\/li>\n<li class=\"css-cvpopp\">Comparing the blog mailing list against the list imported by the threat actor showed that the blog mailing list contained 81 email addresses unknown to the threat actor, with the remainder being duplicates.<\/li>\n<li class=\"css-cvpopp\">An analysis of on-chain transactions associated with the threat actor from the time they launched the email campaign until the malicious domain was blocked shows that no victims lost funds during this particular campaign.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">As we continue to address this occurrence, we have implemented further safeguards, including transitioning some mailing services to different providers, to reduce the risk of recurrence.<\/p>\n<p class=\"chakra-text css-gi02ar\">We sincerely apologize for this incident and are collaborating effectively with both our internal security team and external partners to address and investigate this matter more comprehensively.<\/p>\n<p class=\"chakra-text css-gi02ar\">Any inquiries can be directed to 
<a class=\"chakra-link css-ug8vf0\" href=\"https:\/\/blog.ethereum.org\/en\/2024\/07\/02\/mailto:security@ethereum.org\">security@ethereum.org<\/a>.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2024\/07\/02\/blog-incident\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 2024-06-23, 00:19\u202fAM UTC, a deceptive email was dispatched to 35,794 email addresses by updates@blog.ethereum.org containing the following information Individuals who clicked the link in the email were redirected to a harmful website: This website operated a crypto drainer in the background, and if a user opened their wallet and approved the transaction requested by<\/p>\n","protected":false},"author":3,"featured_media":5124,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[154],"class_list":{"0":"post-5301","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ethereum","8":"tag-return-a-list-of-comma-separated-tags-from-this-title-blog-ethereum-org-mailing-list-incident-ethereum-foundation-blog"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Breach: The Ethereum Foundation Mailing List Incident - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Breach: The Ethereum Foundation Mailing List Incident - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"On 2024-06-23, 
00:19\u202fAM UTC, a deceptive email was dispatched to 35,794 email addresses by updates@blog.ethereum.org containing the following information Individuals who clicked the link in the email were redirected to a harmful website: This website operated a crypto drainer in the background, and if a user opened their wallet and approved the transaction requested by\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-25T09:47:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/11\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/\",\"name\":\"Security Breach: The Ethereum Foundation Mailing List Incident - 
WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/11\/eth-org.jpeg\",\"datePublished\":\"2024-11-25T09:47:19+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/11\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/11\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/11\/25\/security-breach-the-ethereum-foundation-mailing-list-incident\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Breach: The Ethereum Foundation Mailing List Incident\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News 
Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","amp_enabled":true}