Fake Airdrop: How Hackers Stole Over Half a Million Dollars from Crypto Users

Connect with us

A coordinated phishing attack targeted several Web3 firms, including WalletConnect, Token Terminal, DeFi, and Cointelegraph.

The hackers used email addresses that looked identical to the genuine ones and offered free tokens to users who clicked on a malicious link.

ZachXBT first exposed the phishing scam about a fake airdrop, an on-chain sleuth who tweeted screenshots of the fake emails used by the hackers to conduct scams. The emails claimed to be from various Web3 platforms, decentralised applications running on blockchain networks.

The hackers used different pretexts to entice users to click on a link that would supposedly grant them free tokens, also known as airdrops. For example, WalletConnect users were told that the airdrop was a way of thanking them for their support, while Token Terminal users were informed that the airdrop was part of the launch of their beta version.

The link, however, led to a malicious site that would steal the users’ private keys, passwords, or funds from their crypto wallets. According to ZachXBT, the hackers managed to siphon over $580,000 from unsuspecting victims.

The Response from the Affected Firms on Scam & Fake Airdrops

As soon as the phishing attack was discovered, the affected firms issued official statements to warn their users and deny any involvement in the fake airdrop offers. They also advised their users to verify the authenticity of any email they receive and to never share their private keys or passwords with anyone.

WalletConnect confirmed that the email was not sent by them or any of their affiliates and that the link was dangerous. Cointelegraph stated that they do not issue airdrops and that the email was fake. Token Terminal also verified that the email was fraudulent and that they do not have a beta version.

DeFi, a decentralized finance portfolio tracker, revealed that the source of the phishing attack was Mailer Lite, an email service provider that they and other affected firms used. They said that they were moving their databases to another provider to ensure the safety of their users.

The Importance of Cybersecurity in the Crypto Space

The phishing attack highlights the need for more cybersecurity awareness and measures in the crypto space, which is often targeted by hackers due to its high value and anonymity. Users should always be cautious of any unsolicited offers or requests that involve their crypto assets and should use reputable and secure platforms to store and manage their funds.

The Web3 firms, on the other hand, should also implement stronger security protocols and encryption to protect their users’ data and email addresses from being compromised. They should also educate their users on how to spot and avoid phishing scams, fake airdrop and other cyber threats.

Disclaimer

It’s important to note that the views and opinions presented in this article are for informational purposes only and do not constitute financial, investment, or other advice. Investing in or trading stocks carries inherent risks, and readers should conduct their research before making any financial decisions.