Crypto-Sec is our bi-weekly round-up of crypto and cybersecurity stories and tips.
Biggest phish of the week: Attacker targets Hedera users
On June 26, a marketing email account for Hedera was hacked, and the attacker sent phishing emails to the team’s subscribers. Hedera is the developer of Hedera Hashgraph, a proof-of-stake blockchain network launched in 2018.
The team acknowledged the hack in a post to X and warned users not to interact with any links in emails from marketing@hedera.
The marketing@hedera email has been compromised. Do not open any emails or links from this address. We’ll provide more details soon.
— Hedera (@hedera) June 26, 2024
Phishing is a technique where an attacker poses as a trusted source and convinces the user to give away information or to perform an action the attacker desires. In this case, the attacker used the compromised Hedera email to pretend to be a representative of the development team.
The team has not yet disclosed what was in the phishing emails. However, most crypto phishing emails offer the user an enticing reward, such as a token airdrop, if they click on a link to navigate to the attacker’s fake website, which often appears to be from a trusted source. When the user connects to the website with their wallet, they are asked to authorize token approvals to receive the airdrop.
But instead of allowing the user to obtain the airdrop, these approvals allow the attacker to drain the user’s wallet. Users should consider being extra cautious when clicking links in emails, even if the emails come from what appears to be a trusted source. As the Hedera example illustrates, even trusted email addresses can be hacked or spoofed.
The Hedera team promised to provide more details soon. Cointelegraph could not determine how much crypto, if any, was lost due to the phishing emails at the time of publication.
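As an added illustration (not code from Cointelegraph or Hedera), the check below inspects a transaction's calldata before signing and flags the kind of token approval described above. It assumes an EVM-style token using the standard ERC-20 and ERC-721 approval functions, which the article does not specify; the spender address and sample calldata are constructed.

```python
# Added example: inspect EVM calldata for token approvals before signing.
# Assumption: standard ERC-20 / ERC-721 selectors (not named in the article).
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 1 << 255  # allowances at or above this are effectively unlimited


def encode_call(selector, spender, value):
    """Build constructed sample calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")


def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Return details and warnings for an approval call, or None for other calls.

    trusted_spenders holds lowercase 0x-prefixed addresses the user already trusts.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("approval calldata is truncated")
    spender = "0x" + args[24:64]      # address = low 20 bytes of first word
    value = int(args[64:128], 16)     # amount, or bool for setApprovalForAll
    warnings = []
    if value == 0:                    # zero amount or false grants nothing new
        return {"function": signature, "spender": spender, "value": 0, "warnings": warnings}
    if signature.startswith("setApprovalForAll"):
        warnings.append("operator access to every token in the collection")
    elif value >= UNLIMITED:
        warnings.append("unlimited allowance")
    if spender not in trusted_spenders:
        warnings.append("spender not in trusted list")
    return {"function": signature, "spender": spender, "value": value, "warnings": warnings}


if __name__ == "__main__":
    SPENDER = "0x" + "ab" * 20        # constructed address, not a real contract
    sample = encode_call("095ea7b3", SPENDER, 2**256 - 1)
    print(inspect_calldata(sample))
```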
White hat corner: MoveIt file transfer…