Over $600K lost in MailerLite Crypto Email phishing attack


Key Takeaways

  • Hackers targeted crypto-related accounts connected to the mailing service, gaining access to 117 accounts.
  • MailerLite attributed it to a social engineering attack on a customer support employee.

Email marketing platform MailerLite fell victim to a phishing attack, resulting in a substantial loss of more than $600,000 and exposing the personal information of subscribers. 

Web3 security firm Blockaid revealed that the exploit took advantage of a vulnerability in MailerLite, allowing hackers to mimic legitimate emails from major Web3 companies, draining an estimated $3.3 million from unsuspecting subscribers.

The attackers leveraged a flaw in MailerLite to send deceptive emails with malicious links to cryptocurrency-related accounts, including those of prominent entities such as CoinTelegraph, WalletConnect, Token Terminal, and De.Fi. Blockaid explained that the exploit succeeded by capitalizing on MailerLite’s prior authorization to send emails on behalf of these organizations, allowing the attackers to create emails that appeared genuine.

Following the attack, MailerLite promptly disclosed the breach details, attributing it to a social engineering attack on a customer support employee. The hackers targeted cryptocurrency-related accounts connected to the mailing service, gaining access to a total of 117 accounts. Although not every account was exploited, some major Web3 players unwittingly became conduits for phishing attacks.

Cybersecurity analysts traced over $600,000 in stolen funds, with a portion quickly passed through the privacy protocol Railgun in an attempt to obscure the money trail. Despite these efforts, blockchain analysis revealed that over $580,000 could be directly linked to the MailerLite phishing scam.

According to blockchain analytics firm Nansen, which tracked token flows across the blockchains it supports, the main phishing wallet received $3.3 million in total inflows. Reports indicate that $2.6 million of this was in XBANKING tokens, which are relatively illiquid.

After subtracting the XBANKING tokens from the total, Nansen puts the value of the stolen funds at above $700,000.

The attackers initially gained access by exploiting a MailerLite employee, who inadvertently authenticated access during a social engineering attack. This access allowed the hackers to compromise MailerLite’s internal admin panel, enabling them to reset passwords and impersonate user accounts, specifically targeting cryptocurrency-related profiles.

MailerLite acknowledged that 117 accounts were accessed during the breach, with a subset exploited for launching phishing campaigns. The compromised data included full names, email addresses, and personal information uploaded to MailerLite.

This multi-stage attack employed a technique known as “dangling DNS”: DNS records that authorized MailerLite to send mail on a customer’s behalf remained active even after the customer closed its MailerLite account. These stale records enabled the hackers to impersonate domains that had long since stopped using the mailing provider.
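The defensive counterpart to a dangling-DNS problem is an inventory check: every `include:`/`redirect=` in a domain's SPF record and every DKIM selector CNAME delegates sending authority to a third party, so each one should match a vendor the organization still actually uses. The script below is an added example written for this article, not code from MailerLite or from the article's sources; the SPF record, CNAME targets and vendor hostnames (`current-vendor.test`, `old-vendor.test`, `example.com`) are constructed placeholders, and the approved-vendor list stands in for whatever asset inventory a real organization keeps.

```python
"""Flag mail-sending DNS delegations that point at vendors no longer in use.

Added example: audits an SPF TXT record and DKIM selector CNAMEs against an
approved-vendor list. All hostnames below are constructed placeholders.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    record: str   # which DNS record the reference came from
    target: str   # the third-party hostname being delegated to
    reason: str


# Matches the two SPF terms that delegate to another domain's policy.
# The qualifier prefix (+ - ~ ?) is stripped before matching.
SPF_DELEGATION_RE = re.compile(r"^(?:include:|redirect=)(?P<host>[A-Za-z0-9._-]+)$")

# Constructed sample data (assumption: example.com once used old-vendor.test
# for bulk mail, closed the account, and never removed the records).
SAMPLE_SPF = ("v=spf1 include:_spf.current-vendor.test "
              "include:_spf.old-vendor.test ip4:203.0.113.10 -all")
SAMPLE_DKIM_CNAMES = {
    "ml._domainkey.example.com": "ml._domainkey.old-vendor.test.",
    "s1._domainkey.example.com": "s1.dkim.current-vendor.test",
}
APPROVED_VENDORS = {"current-vendor.test"}


def spf_references(spf_txt: str) -> list:
    """Return hostnames an SPF record delegates to via include: or redirect=.

    Mechanisms that do not delegate (ip4, ip6, a, mx, all) are ignored.
    """
    refs = []
    for term in spf_txt.split():
        term = term.lstrip("+-~?")
        match = SPF_DELEGATION_RE.match(term)
        if match:
            refs.append(match.group("host").lower().rstrip("."))
    return refs


def _is_approved(host: str, approved: set) -> bool:
    """True if host is an approved vendor domain or a subdomain of one."""
    return any(host == vendor or host.endswith("." + vendor) for vendor in approved)


def audit_mail_dns(spf_txt: str, dkim_cnames: dict, approved: set) -> list:
    """Return a Finding for every delegation not covered by the approved set.

    A hit means a third party is still authorized to send (SPF) or sign
    (DKIM) mail for the domain even though it is not in the current vendor
    inventory: exactly the stale delegation a dangling-DNS check looks for.
    """
    findings = []
    for host in spf_references(spf_txt):
        if not _is_approved(host, approved):
            findings.append(Finding("SPF", host,
                                    "SPF still delegates sending authority to an unapproved vendor"))
    for name, target in dkim_cnames.items():
        target = target.lower().rstrip(".")
        if not _is_approved(target, approved):
            findings.append(Finding(f"CNAME {name}", target,
                                    "DKIM selector still points at an unapproved vendor"))
    return findings


if __name__ == "__main__":
    for finding in audit_mail_dns(SAMPLE_SPF, SAMPLE_DKIM_CNAMES, APPROVED_VENDORS):
        print(f"[{finding.record}] {finding.target}: {finding.reason}")
```

In practice the two inputs come from live `TXT` and `CNAME` lookups of the domain and its `_domainkey` selectors; a delegation that survives the check still deserves a second look if the target name no longer resolves, since an unresolvable vendor hostname is the classic dangling-record symptom.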

Saniya Raahath
