Ethereum Foundation got hacked
Tim Beiko from the Ethereum Foundation has officially stated that the organization's main email was compromised, resulting in numerous unauthorized emails being dispatched to its subscribers. As reported by WuBlockchain, the breach occurred through SendPulse, leading to a warning for members to be wary of and refrain from clicking on any dubious links in future communications.
The revelation of this security breach came to light when multiple deceptive emails originating from the updates@ethereum.org address were identified. These emails contained fraudulent links that posed a risk to individuals who might click on them, possibly leading to the installation of harmful software or the loss of sensitive information.
Tim Beiko took to X to raise the alarm, urging the community to remain vigilant and steer clear of engaging with any suspicious links or attachments from emails sent by the compromised account. The intrusion was made possible through the Ethereum Foundation's email service provider, SendPulse, which suffered from vulnerabilities the attackers exploited.
The assailants exploited weaknesses in SendPulse's security measures to gain illegitimate access to the Ethereum Foundation's mailing list, from which they launched phishing attacks. Addressing and rectifying the vulnerabilities with SendPulse to safeguard future email exchanges is a priority for the Ethereum Foundation at this time.
To prevent further incidents, the foundation is delving into the specifics of the security lapse. Beiko shared an example of a phishing email to help the community identify potential scams. Despite these emails seeming legitimate, they are designed to redirect recipients to harmful websites aimed at downloading malware or pilfering confidential and financial information.
