By: Isha Das
Tether's CEO Paolo Ardoino has brought to light a significant security breach affecting crypto companies. In a post on X (formerly Twitter), Ardoino revealed that an unnamed vendor responsible for managing mailing lists for various crypto firms has been compromised, leading to a wave of phishing attacks.
The breach was discovered after two independent sources relayed incidents of suspicious emails sent to the crypto community. These emails promised upcoming token airdrops, including one purporting to be from Bitfinex, announcing an ERC20 token airdrop in celebration of the recent approval of Ethereum spot exchange-traded funds (ETFs). The emails came from official addresses, which made them appear legitimate.
Upon clicking on the 'claim now' links, users were directed to a scam website that prompted them to connect their wallets. After testing, it was revealed the site generated new wallets for each victim, making it difficult to track the number of affected users and funds. Similar emails from Coinbase claimed the exchange was shutting down and urged users to verify secondary addresses, which also turned out to be fraudulent.
CoinGecko’s COO Bobby Ong also confirmed the ongoing supply chain email exploit, advising users to be cautious of emails promising fake token launches. CoinGecko confirmed that its website and mobile app remain secure, denying any plans to launch a token.
The crypto community is on high alert as this is not the first time a phishing scam of this nature has hit the industry. In January, a similar attack resulted in the theft of around $600,000 from investors. Users are urged to exercise extreme caution and verify the authenticity of any email offers related to crypto airdrops or token launches.