blog.ethereum.org mailing list incident
Incident Report: Phishing Email Campaign Targets Ethereum Blog Mailing List
Overview of the Incident
On June 23, 2024, at 00:19 UTC, a phishing email campaign was sent to the Ethereum blog mailing list, reaching 35,794 email addresses. The email came from an unknown sender using the address [email protected]. It contained a link that, if clicked, redirected users to a malicious website designed to drain their cryptocurrency wallets.
Initial Response and Containment
Our internal security team quickly launched an investigation to determine the source of the attack, its objectives, its timing, the affected parties, and the methods used. The team immediately acted to stop the threat actor from sending additional emails, posted warnings on Twitter and by email telling users not to click the link, and closed the access path the threat actor had used to reach the mailing list provider.
Malicious Link Blacklisting and Wallet Provider Action
The malicious link was submitted to various blacklists, and it was subsequently blocked by the majority of web3 wallet providers and Cloudflare. This swift action prevented potential victims from falling prey to the phishing campaign.
Investigation Findings
Our investigation revealed that the threat actor had imported a large email list of their own into the mailing list platform and used it for the phishing campaign. Of the addresses targeted, 3,759 belonged to the blog mailing list. Comparing those against the list the threat actor imported showed that only 81 of the blog mailing list addresses were not already present in the threat actor's own list; the rest were duplicates of addresses the threat actor already held.
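The comparison described above, as an added example that is not code from the original report: given the campaign's recipient list, the blog's subscriber list, and the list the attacker imported, it computes how many subscribers were hit and how many of those were newly exposed, i.e. not already in the attacker's own list. The address lists are constructed sample data and the function and class names are my own.

```python
"""Mailing-list exposure analysis after a list-platform compromise.

Three inputs, all taken from the mailing platform's export in a real incident:
  campaign_recipients  every address the attacker's campaign went to
  blog_subscribers     the legitimate subscriber list
  attacker_own_list    the list the attacker imported into the platform
Output: how many subscribers were hit, and how many of those the attacker could
only have obtained through the compromise (not already in the imported list).
"""
from dataclasses import dataclass


def normalize(addr: str) -> str:
    """Canonical form for overlap comparison: trim whitespace, lowercase.

    Local parts are case-sensitive per RFC 5321, but major providers treat them
    case-insensitively and the attacker's copy may differ only in case, so the
    comparison is done case-insensitively to avoid under-counting overlap.
    """
    return addr.strip().lower()


def load(addresses) -> set[str]:
    """Normalize and de-duplicate a raw address list, dropping blank/junk rows."""
    out: set[str] = set()
    for raw in addresses:
        a = normalize(raw)
        if "@" in a:
            out.add(a)
    return out


@dataclass(frozen=True)
class Exposure:
    campaign_size: int            # unique addresses the campaign reached
    subscribers_hit: int          # of those, how many are blog subscribers
    newly_exposed: int            # subscribers the attacker did not already hold
    newly_exposed_addresses: frozenset


def analyze(campaign_recipients, blog_subscribers, attacker_own_list) -> Exposure:
    campaign = load(campaign_recipients)
    subscribers = load(blog_subscribers)
    attacker_known = load(attacker_own_list)
    hit = campaign & subscribers             # subscribers who received the phish
    new = hit - attacker_known               # exposed only via the compromise
    return Exposure(len(campaign), len(hit), len(new), frozenset(new))


# Constructed sample data (not from the incident). Note the case and whitespace
# variants, which must not be counted as distinct addresses.
BLOG_SUBSCRIBERS = [
    "alice@example.org", "Bob@Example.org", "carol@example.net",
    "dave@example.com", "erin@example.io",
]
ATTACKER_OWN_LIST = [
    "bob@example.org", "carol@example.net", "frank@example.com",
    "grace@example.com", " mallory@evil.example ", "",
]
# The attacker combined their own list with an export of the subscriber list.
CAMPAIGN_RECIPIENTS = ATTACKER_OWN_LIST + BLOG_SUBSCRIBERS


if __name__ == "__main__":
    r = analyze(CAMPAIGN_RECIPIENTS, BLOG_SUBSCRIBERS, ATTACKER_OWN_LIST)
    print(f"campaign size:    {r.campaign_size}")
    print(f"subscribers hit:  {r.subscribers_hit}")
    print(f"newly exposed:    {r.newly_exposed}")
    for a in sorted(r.newly_exposed_addresses):
        print("  ", a)
```

The "newly exposed" set is the one that matters for breach notification: those subscribers' addresses were disclosed by the compromise itself, whereas the others were already in the attacker's hands before the incident.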
On-Chain Transactions Analysis
Analysis of on-chain transactions sent to the threat actor between the time the email campaign went out and the time the malicious domain was blocked shows no victims losing funds during this specific campaign. This suggests that the threat actor's objective may have been to test the effectiveness of the phishing campaign rather than to drain wallets.
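One way to carry out the window-bounded check described above, as an added example that is not code from the original report: build the eth_getLogs filter for ERC-20 Transfer events whose recipient is the drainer address, decode the returned log entries, and keep only transfers whose block timestamp falls between the campaign send time and the domain block time. The drainer, victim and token addresses, the block numbers and timestamps, the domain-block time and the log entries are all constructed or assumed (the report gives the send time but not the block time); a real run would send the filter to a JSON-RPC endpoint and fetch block timestamps with eth_getBlockByNumber.

```python
"""Window-bounded check for inbound ERC-20 transfers to a drainer address.

Only the ERC-20 Transfer event is covered here: native ETH transfers emit no
logs and need a separate block or trace scan. All addresses, blocks and log
entries below are constructed sample data, not chain data from the incident.
"""
from datetime import datetime, timezone

# keccak256("Transfer(address,address,uint256)") -- the ERC-20 Transfer topic0
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"


def pad_address_topic(addr: str) -> str:
    """ABI-encode an address as a 32-byte indexed topic (left-padded with zeros)."""
    h = addr.lower().removeprefix("0x")
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return "0x" + h.rjust(64, "0")


def transfers_to_filter(drainer: str, from_block: int, to_block: int) -> dict:
    """eth_getLogs params matching Transfer(*, drainer, *) across every token.

    topic1 (from) is left as None (wildcard); topic2 (to) is pinned to the drainer.
    """
    return {
        "fromBlock": hex(from_block),
        "toBlock": hex(to_block),
        "topics": [TRANSFER_TOPIC, None, pad_address_topic(drainer)],
    }


def decode_transfer(log: dict) -> dict:
    """Decode one Transfer log entry: indexed from/to are in topics, value in data."""
    topics = log["topics"]
    return {
        "token": log["address"].lower(),
        "from": "0x" + topics[1][-40:],
        "to": "0x" + topics[2][-40:],
        "raw_value": int(log["data"], 16),      # token base units, not decimals-adjusted
        "block": int(log["blockNumber"], 16),
    }


def victims_in_window(logs, block_times, start, end):
    """Transfers whose block timestamp lies within [start, end].

    block_times maps block number -> UTC datetime. The window is a heuristic:
    a transfer after the domain was blocked could still be a late victim, so
    out-of-window hits should be reviewed rather than silently dismissed.
    """
    hits = []
    for log in logs:
        t = decode_transfer(log)
        if start <= block_times[t["block"]] <= end:
            hits.append(t)
    return hits


# ---- constructed sample data (hypothetical addresses, blocks and times) ----
DRAINER = "0x" + "ab" * 20     # hypothetical attacker address
VICTIM = "0x" + "cd" * 20      # hypothetical victim
TOKEN = "0x" + "ef" * 20       # hypothetical 6-decimal token contract

CAMPAIGN_SENT = datetime(2024, 6, 23, 0, 19, tzinfo=timezone.utc)   # from the report
DOMAIN_BLOCKED = datetime(2024, 6, 23, 3, 0, tzinfo=timezone.utc)   # assumed; not stated

BLOCK_TIMES = {                # assumed block -> timestamp mapping
    20_150_100: datetime(2024, 6, 23, 1, 5, tzinfo=timezone.utc),
    20_150_900: datetime(2024, 6, 23, 5, 40, tzinfo=timezone.utc),
}

SAMPLE_LOGS = [
    {   # inside the window: 1.000000 units of the 6-decimal token
        "address": TOKEN,
        "topics": [TRANSFER_TOPIC, pad_address_topic(VICTIM), pad_address_topic(DRAINER)],
        "data": "0x" + hex(1_000_000)[2:].rjust(64, "0"),
        "blockNumber": hex(20_150_100),
    },
    {   # after the domain was blocked: outside the window, not attributed here
        "address": TOKEN,
        "topics": [TRANSFER_TOPIC, pad_address_topic(VICTIM), pad_address_topic(DRAINER)],
        "data": "0x" + hex(5_000_000)[2:].rjust(64, "0"),
        "blockNumber": hex(20_150_900),
    },
]

if __name__ == "__main__":
    print("eth_getLogs params:", transfers_to_filter(DRAINER, 20_150_000, 20_160_000))
    for t in victims_in_window(SAMPLE_LOGS, BLOCK_TIMES, CAMPAIGN_SENT, DOMAIN_BLOCKED):
        print(f"in-window transfer: {t['raw_value']} base units from {t['from']} in block {t['block']}")
```

Pinning topic2 to the drainer rather than filtering by token contract lets one query cover every ERC-20 the drainer received; the block range should be derived from the window's timestamps beforehand, since eth_getLogs filters by block, not by time.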
Additional Measures and Future Plans
As we continue to work on this incident, we have taken additional measures to further reduce the risk of similar incidents in the future. These measures include migrating some mail services to other providers. We are also working closely with our internal security team and external security teams to investigate this incident and address any vulnerabilities that may have been exploited.
Conclusion and Forward-Looking Thoughts
The phishing email campaign targeting the Ethereum blog mailing list serves as a reminder of the importance of security and vigilance in the cryptocurrency space. As the use of cryptocurrency and blockchain technology continues to grow, so does the risk of phishing and other types of cyber attacks. It is essential for users to remain aware of these risks and take necessary precautions to protect themselves.
In the future, we can expect to see more sophisticated phishing campaigns and other types of cyber attacks. As a result, it is crucial for organizations and individuals to stay ahead of the curve by implementing robust security measures and staying informed about the latest threats and vulnerabilities.
Recommendations for Users
To avoid falling prey to phishing campaigns like the one described above, users should:
- Be cautious when clicking on links or downloading attachments from unknown senders
- Verify the authenticity of emails and websites before providing sensitive information or clicking on links
- Use two-factor authentication (2FA) and other security measures to protect their accounts and wallets
- Stay informed about the latest security threats and vulnerabilities
- Report any suspicious activity to the relevant authorities
By following these recommendations and staying vigilant, users can reduce the risk of falling victim to phishing campaigns and other types of cyber attacks.
Source: https://blog.ethereum.org/en/2024/07/02/blog-incident