- Email provider MailerLite has been hacked.
- Attackers used their access to the accounts of large Web3 projects to send phishing emails.
- The damage is estimated at $3.3 million. The exact number of victims is unknown.
On January 23, 2024, MailerLite's database was compromised, giving attackers access to the accounts of large Web3 companies. The damage from the subsequent wave of phishing attacks is estimated at $3.3 million.
Blockaid analysts were among the first to report the incident. They estimated the damage at $600,000.
“The attackers took advantage of the fact that MailerLite had permission to send emails from the domain names of these organizations. This is how they created the appearance of an official mailing,” the organization’s report states.
Links in the emails led to various malicious applications that used the Angel Drainer Group infrastructure, experts said. The attackers sent emails in the name of projects such as CoinTelegraph, WalletConnect, Token Terminal and De.Fi.
In comments to Decrypt, a MailerLite spokesperson confirmed the hack. According to him, one of the employees accidentally clicked on a malicious link disguised as a Google authentication page.
Having gained access, the attackers reset the password for the admin panel. According to MailerLite, they gained access to 117 accounts.
Cointelegraph, citing Nansen analysts, said the actual damage is about $3.3 million. However, most of this is XBANKING (XB) tokens, which will be difficult to convert, experts say.
At the time of writing, there has been no official statement from MailerLite. We previously covered in detail the hack of the SEC's X (formerly Twitter) page. As it turns out, this was due to multi-factor authentication being disabled.