PSA: Another phishing spree has hit crypto — ignore all emails about airdrops

They say money never sleeps. In crypto, that means the phishers, fraudsters and other cyberbaddies are also always working

article-image

Shutterstock/Kari_Caverdos modified by Blockworks

share

The recent spate of cyberattacks on crypto projects continued Tuesday morning, with a number of teams urging users not to interact with malicious emails sent from official accounts.

Data provider Token Terminal, decentralized finance superapp De.Fi, authentication protocol WalletConnect and crypto media outlet Cointelegraph have all sent warnings about their respective incidents.

“Unauthorized airdrop email sent from Token Terminal — do not connect wallets,” Token Terminal told users in an email about 40 minutes after the illegitimate one.

“We are currently investigating a phishing attack involving an unauthorized email sent from us, directing recipients to an unverified site. This email was not authorized by us and may pose a risk to your security.”

Token Terminal and the other three known affected teams then told users not to click on any links in emails that “look suspicious or unexpected.”

The unofficial email promised users access to an early access airdrop for a purported new cryptocurrency tied to the platform.

“I hope this email finds you well! We’re thrilled to share some exciting news that will surely pique your interest. As a valued member of our community, we wanted to personally inform you about the upcoming TokenTerminal Beta Access Airdrop!”

“We’re on the verge of unveiling the beta version of TokenTerminal, and we want you to be among the first to explore its innovative features and capabilities. To express our gratitude for your continued support, we’ve decided to celebrate this milestone with a special airdrop exclusively for our community members.”

Loading Tweet..

A button underneath directed recipients to claim the airdrop by linking their crypto wallets. Instead of receiving an airdrop, the wallets would instead be drained and sent to the attacker. A similar email was sent to WalletConnect users.

Web3 cybersecurity unit Blockaid, which has been working with affected teams, told Blockworks that in the case of WalletConnect, the perpetrators had used the same wallet draining code utilized in the Ledger Connect Kit phishing spree in December.

Read more: ‘Wallet drainer’ code added to Ledger library has crypto on edge

Blockaid later confirmed the attacker had exploited a vulnerability in third-party email service provider Mailer Lite to carry out the phishing campaign.

It could be that other projects’ emails were successfully hijacked. So for now, it’s best to ignore any and all emails referencing token airdrops (and never connect your wallet to any protocol or service that you have not thoroughly vetted yourself!).

Updated Jan. 24, 2024 at 4:54 am ET: Added context about Mailer Lite.

Updated Jan. 23, 2024 at 9:07 am ET: Added reference to fourth victim Cointelegraph.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates (6).png

Research

In recent months, a number of highly accretive developments were implemented across the protocol to improve fee capture, expand product functionality, and ultimately drive value accrual to the RUNE token, with more upgrades on the immediate horizon. These developments include hiking the minimum swap fee parameter to increase revenue, adding a Burn System Income Lever to reduce the RUNE supply, the addition of COSM-WASM smart contracting and IBC to enable an application layer, new chain integrations, and more.

article-image

Former IRS agent and Binance executive Tigran Gambaryan will remain imprisoned in Nigeria’s Kuje prison

article-image

When Permissionless III wraps on Friday, there will be 26 days left until the 2024 presidential election

article-image

Plus, an update from the ground in Salt Lake City at Permissionless III

article-image

The US regulator accused the crypto market-making firm of acting as an unregistered dealer

article-image

Customers can pay merchants in USDC or USDP on Ethereum, Solana, and Polygon, while US-based merchants are paid in dollars