Key takeaways:
- The metaverse initiative informed its community that an unauthorized user had accessed an employee’s computer.
- The team claims no further repercussions were specified, and the employee’s account and access to The Sandbox were blocked.
A blockchain-based metaverse business called The Sandbox warned about a security breach. An unauthorized third party sent a fraudulent email to platform users, according to a blog post the business published on Thursday.
The fraudulent email titled “The Sandbox Game (PURELAND) Access” was sent on February 26. It contained links that, if opened, could infect a user’s computer with malware. Through this malware, a third party could take control of the user’s computer and access their confidential data.
According to the Sandbox, the outside entity could not access any other The Sandbox services or accounts and could only access one employee’s computer. The attacker only had access to the email addresses of users of The Sandbox. No monetary loss has been recorded thus far.
Following the breach, The Sandbox advised users to be cautious of potential phishing attacks and instructed those specifically targeted not to access, play, or download anything from the hyperlinked website.
The technical team also advises users to increase their security precautions, such as using two-factor authentication and creating strong passwords, to make their accounts as secure as feasible. In the email stated above or any other emails you suspect are fraudulent, never click on any of the URLs. As soon as possible, set up and start using an effective antivirus program to look for and eliminate viruses.
In order to quickly address the problem, the project sent emails to users who might have gotten the fraudulent email, blocked the employee’s access and accounts, and reset all associated passwords using two-factor authentication. The business said it was reformatting the employee’s laptop and was working to enhance its security procedures.
This hack is the most recent in a series of email-based phishing attempts that seek to steal cryptocurrency assets or collect user information. Recent cyberattacks on Namecheap’s email system led to a pervasive fake phishing campaign that instructed users to upgrade their cryptocurrency wallets.
These kinds of phishing email campaigns have occasionally allowed hackers to steal sizable amounts of money. In February 2022, a lousy actor tricked OpenSea users into signing a malicious transaction sent to them via an email attachment, stealing NFTs valued at about $2 million.
