- Several crypto firms have reported a breach at an email newsletter provider
- Coingecko and Bitfinex heads have warned recipients about potential phishing emails
- The hack has seemingly targeted the crypto industry, similar to the Trezor-Mailchimp breach
Several crypto firms have reported that a breach at an email newsletter provider may result in an increase in scamming attempts aimed at registrants. The heads of Coingecko and Bitfinex are among those who have warned newsletter recipients to be on the lookout for an increase in phishing emails, with the hack seemingly targeted at the crypto industry. The warning comes two years after Trezor’s newsletter provider, Mailchimp, was compromised for the same ends.
Warning Over Emails
Coingecko’s co-founder and COO Bobby Ong took to X to warn of an “ongoing supply chain email breach attack” which could result in “email blasts of fake token launches”, noting that Coingecko was one of several affected:
PSA: There is an ongoing supply chain email breach attack happening with an email newsletter vendor right now. Several crypto companies may be affected via email blasts of fake token launches. Be careful with email newsletters in the coming days.
We at CoinGecko may be…
— Bobby Ong (@bobbyong) June 5, 2024
Bitfinex and Tether boss Paolo Ardoino added that Bitfinex was also among the victims, saying that his companies had received multiple independent confirmations that a “prominent vendor used by crypto companies to manage mailing lists might have been compromised”:
We received now 2 independent confirmations that a prominent vendor used by crypto companies to manage mailing lists might have been compromised.
Not making names yet until investigation is completed, but please beware of any emails suggesting crypto-airdrops received since 24h…
— Paolo Ardoino 🤖🍐 (@paoloardoino) June 5, 2024
Anyone signed up to such mailing lists should therefore treat any newsletter emails arriving over the next few weeks with extreme caution and not believe any airdrops or offers of free tokens.
Reminiscent of Trezor Breach
The situation is reminiscent of what happened with Trezor in 2022 when its newsletter was compromised. This was another occasion where hackers deliberately targeted the crypto community in the hope of stealing funds from users.
There were no confirmed reports of anyone losing funds to the attack, which was put down to “an insider targeting crypto companies” who worked for Mailchimp, and it is impossible to rule out something similar at this stage.