The world of cryptocurrency can be a treacherous one, and unfortunately, even established platforms aren’t immune to cyberattacks. In a recent incident, digital marketing platform Mailer Lite fell victim to a sophisticated phishing attack, resulting in over $600,000 being stolen from crypto investors.
The Bait: Impersonating Trusted Web3 Firms
The attackers cleverly exploited a vulnerability in Mailer Lite, allowing them to mimic emails from prominent Web3 firms such as the decentralized applications and crypto wallet bridge provider WalletConnect, the full-stack on-chain data platform Token Terminal, the decentralized finance portfolio tracker De.Fi, and even the crypto media house Cointelegraph.
These seemingly legitimate emails, disguised with branding and addresses resembling the genuine companies, offered fake airdrops – a common crypto incentive where tokens are distributed for free. Unsuspecting investors, lured by the promise of free digital assets, clicked on the malicious links embedded in the emails, unknowingly entering a wallet drainer site.
The Trap: Dangling DNS Records and Stolen Crypto
The Web3 security and privacy firm Blockaid, which uncovered the attack, revealed a crucial detail: the exploit hinged on “dangling DNS” records. These records, previously used by the impersonated firms when sending emails through Mailer Lite, were no longer in use but remained in place even after the companies closed their accounts. This gave the attackers the opportunity to claim and use these records, crafting emails that appeared to originate from the trusted Web3 platforms.
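A domain owner can catch this kind of leftover record by auditing a zone export against the list of vendors that still hold a live account. The sketch below is an added example, not code from Blockaid or Mailer Lite. It assumes the records of interest are the usual mail-delegation types (SPF include, DKIM or tracking CNAME, MX); the domain brand.example and the providers esp-old.example and esp-new.example are constructed placeholders.

```python
import re

# Constructed zone export for the hypothetical domain brand.example:
# (name, type, value). esp-old.example is a provider whose account was closed.
ZONE = [
    ("brand.example", "TXT", "v=spf1 include:_spf.esp-old.example include:_spf.esp-new.example ~all"),
    ("news.brand.example", "CNAME", "tracking.esp-old.example."),
    ("k1._domainkey.brand.example", "CNAME", "dkim.esp-new.example."),
    ("k2._domainkey.brand.example", "CNAME", "dkim.esp-old.example."),
    ("www.brand.example", "CNAME", "brand.example."),
    ("brand.example", "MX", "10 mx.esp-new.example."),
]
ACTIVE_PROVIDERS = {"esp-new.example"}  # vendors with a live account (assumed inventory)
OWN_DOMAINS = {"brand.example"}

def _under(host, zones):
    """True if host equals, or is a subdomain of, any zone in zones."""
    host = host.rstrip(".").lower()
    return any(host == z or host.endswith("." + z) for z in zones)

def delegated_targets(rtype, value):
    """Hostnames that a record hands sending or serving authority to."""
    if rtype in ("CNAME", "NS"):
        return [value]
    if rtype == "MX":
        return [value.split()[-1]]  # drop the preference number
    if rtype == "TXT" and value.lower().startswith("v=spf1"):
        return re.findall(r"(?:include:|redirect=)(\S+)", value, flags=re.I)
    return []

def find_dangling(zone, active, own):
    """Flag records that delegate to anything outside own domains and active vendors."""
    findings = []
    for name, rtype, value in zone:
        for target in delegated_targets(rtype, value):
            if _under(target, own) or _under(target, active):
                continue
            findings.append((name, rtype, target.rstrip(".").lower()))
    return findings

if __name__ == "__main__":
    for name, rtype, target in find_dangling(ZONE, ACTIVE_PROVIDERS, OWN_DOMAINS):
        print(f"REVIEW {rtype:5} {name} -> {target}")
```

Because the check is an allow-list, a record pointing at any third party missing from the vendor inventory is flagged for review, not only records for known former providers.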
The Aftermath and Lessons Learned
Mailer Lite promptly shut down the exploit and notified affected users. The targeted companies have also issued warnings, urging users to be cautious of unsolicited airdrop offers and always verify email addresses before clicking on any links.