Email service provider MailerLite was the victim of a phishing attack, and the target was the crypto market, the company notified Decrypt on Tuesday.
According to an email alert from the company, the attack happened after a support team member clicked a deceptive link, entered their Google credentials, and confirmed the second-factor challenge—giving hackers access to Mailerlite’s internal system.
“Upon gaining access, the perpetrators executed a password reset for a specific user on the admin panel, further consolidating their unauthorized control,” Mailerlite said. “With this level of access, they were able to impersonate user accounts. The focus was exclusively on cryptocurrency-related accounts.”
Mailerlite says 117 accounts were accessed by the perpetrators, adding that a small number of the accounts were used to launch phishing campaigns using the available names, email addresses, and whatever personal information was uploaded to the service.
According to internet sleuth ZachXBT, affected accounts included CoinTelegraph, Wallet Connect, Token Terminal, and De.Fi. Decrypt was also notified that its account was accessed, but according to Mailerlite, no emails were sent from the system, nor was its contacts list exported.
As the hackers were able to wrap their malicious links in the familiar templates of Mailerlite customers, over $580,000 was stolen, ZachXBT said. He also shared the address to which the ill-gotten funds were sent.
Web3 security firm Blockaid put the total haul at over $600,000.
“When MailerLite became aware of the incident, MailerLite successfully identified and resolved the issue, terminating the access method used by the perpetrators to infiltrate the platform,” MailerLite said. “MailerLite can confirm that the breach was fully stopped.”
Mailerlite said the company continues to monitor the situation.
“We will also make the necessary changes to our internal processes, addressing any employees who have not adhered to these processes and focusing on better security training,” the company said.
Edited by Ryan Ozawa.
Comments are closed.