MailerLite has confirmed that hackers gained access to customer accounts, leading to a calculated cryptophishing attack targeting popular web3 companies.
On January 23, the email marketing company released a detailed description of the events leading up to the hack and subsequent phishing attacks against web3 firms. The attack led to the depletion of approximately $3.3 million in crypto assets from users.
The company confirmed that after being made aware of the incident, it blocked the malicious hackers’ login method, resolved all issues, and the breach was “completely stopped.”
Hackers Targeted 177 Accounts
According to the company’s internal investigation, hackers gained access to the system after a customer support team member clicked on an image while responding to a call.
Linked to a fraudulent Google login page, the user confirmed the process with a false phone confirmation, which led to a broader breach in the admin panel.
According to the report, hackers took the situation further by performing a password reset in the admin panel of impersonated user email accounts.
In the incident that shook crypto investors, a total of 177 MailerLite accounts were affected, but the phishing targeted only a few companies.
The company added: “This breach highlighted the need for increased vigilance and robust security protocol, particularly when addressing routine support interactions.”
Blockchain security firm Blockaid had previously announced that MailerLite was in danger.
3.3 Million Dollars Lost in the Hands of Hackers in Crypto Phishing Attacks
On January 23, cryptocurrency hack researcher ZackXBT, WalletConnect, De.Fi, Token Terminal, Cointelegraph, etc. He posted on X about an ongoing phishing campaign targeting web3 companies including.
Initially, malicious hackers stole $580,000 in digital assets via emails claiming that community airdrops were being issued to reward users.
The platforms immediately issued warnings to the community not to engage with the links and promised to resolve the issues after investigating.
The incident sparked a broader debate about the security of cryptocurrencies and the use of airdrops to target users in social media spaces amid rising numbers of phishing.
The targeted wallet address contained approximately 280 ETH, and the total amount stolen from users is estimated to be $3.3 million.