The email service reveals that hackers gained control of select Web3 email accounts by targeting a customer service employee through a social engineering attack.

Email marketing firm MailerLite has confirmed that hackers gained access to accounts of large Web3 companies to carry out phishing email scams that drained an estimated $3.3 million from subscribers.

Cointelegraph was among the handful of these Web3 companies targeted in the attack on Jan 23, with emails sent from the official accounts of WalletConnect, Token Terminal and De.Fi containing malicious links harboring wallet-draining software.
Hours after the emails had been sent to subscribers, MailerLite released details of how its system had been compromised through a social engineering attack targeting a customer support employee.

“The team member, responding to a customer inquiry via our support portal, clicked on an image that was deceptively linked to a fraudulent Google sign-in page," the statement outlined.

The employee then unwittingly authenticated access, which gave the attackers access to MailerLite’s internal admin panel. The hackers gained further control by resetting a specific user’s password through the admin panel.

“With this level of access, they were able to impersonate user accounts. The focus was exclusively on cryptocurrency-related accounts.”
MailerLite revealed that the hackers accessed 117 accounts but only exploited a smaller number to launch phishing campaigns. The service provider warned that its clients' and subscribers’ data, including full names, email addresses, and personal information uploaded to MailerLite, were affected.

Cointelegraph reached out to MailerLite's support team and has yet to receive any additional information about the incident despite being a prominent target of the phishing email scam.

Blockchain analytics platform Nansen assisted Cointelegraph in estimating the value of funds stolen by the attackers. According to their research team, the main phishing wallet has seen $3.3 million of total inflows by tracking token flows on Nansen-supported blockchains.

“But $2.6 million of that number is XBANKING tokens, which seem to be trading on LATOKEN exchange only (via Coingecko). And seem less liquid. 2.6M is 80% of its full diluted valuation, and it could be hard to convert it,” Nansen’s team told Cointelegraph.

Source - Coin Telegraph