Scammers have stolen over $580,000 from unsuspecting victims in an ongoing hacking and phishing attack that is using email addresses of major Web3 companies, including Cointelegraph, WalletConnect and Token Terminal.
Cryptocurrency investigator ZachXBT flagged a multichain address on his Telegram channel that has amassed more than $580,000 of stolen cryptocurrency since the phishing emails were delivered.
The address contains a mix of 280 different cryptocurrency tokens. 86% of the wallet's portfolio contains Ether (ETH), with a total of 227 ETH.
Related: Trezor discloses 66K users affected by phishing attack
WalletConnect also warned users on X that it was aware of the phishing email, which was prompting users to claim the malicious airdrop link.
We’re aware of an email that appears to have been sent from an email address linked to WalletConnect prompting recipients to open a link to be able to claim an airdrop.
— WalletConnect (@WalletConnect) January 23, 2024
We can confirm that this email was not issued directly from WalletConnect or any WalletConnect affiliates, and… pic.twitter.com/bksAlMnWja
Web3 SocialFi and antivirus app De.Fi also had users targeted by an email promoting a Launchpad launch, including a link to an airdrop. The attackers also announced a fake Token Terminal beta launch, which featured a button to claim a fictitious airdrop.
The email addresses used by the attackers are designed to dupe recipients into believing their authenticity, with no discernable difference from legitimate addresses of the associated companies.
Investors are advised to maintain caution when interacting with all emails claiming unexpected airdrop announcements.
Magazine: Doctor Who materializes in Web3: Tony Pearce’s journey in time and space