MailerLite Confirms Breach: $3.3M Lost in Crypto Phishing Attacks

Hack MailerLite Phishing
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Author
David Pokima
Author Categories
About Author

David is a finance journalist and a contributor to Cryptonews.com with a keen interest in breaking comprehensive, accurate, and reliable blockchain news.

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

MailerLite has confirmed reports of the hackers gaining access to customers’ accounts that led to a calculated crypto phishing exploit targeted at popular web3 firms.

On Jan 23, the email marketing company released a detailed explanation of the events leading up to the hack and subsequent phishing attacks on web3 firms. The attack led to approximately $3.3 million in crypto assets drained from users.

Today on January 23rd, 2024, at 7:52 am UTC time MailerLite, providing email marketing services to you became aware of a cyber security incident that happened on January 23rd, 2024 at 00:11 AM UTC time that affected several accounts in the cryptocurrency sphere.” 

Source: MailerLite

The firm mentioned that upon notice of the incident, it blocked the bad actor’s method of entry, resolving all issues, and can confirm that the breach was “fully stopped.” 

Hackers Target 177 Accounts

According to the firm’s internal investigation, a customer support team staff member was the point of access by hackers after the team member responding to an inquiry clicked on an image.

Linked to a fraudulent Google sign-in page, the user authenticated the process through a mistaken phone confirmation leading to the broader breach in the admin panel.

Per the report, the hackers took it further by executing a password reset in the admin panel of the impersonator user email accounts. What’s more, only cryptocurrency-related accounts were targeted.

The incident that rocked crypto spaces saw a total of 177 MailerLite accounts impacted, although the phishing campaign targeted a small number of companies.

This breach underscored the need for heightened vigilance and robust security protocol, especially in handling seemingly routine support interactions,” the company added. 

Blockchain security firm Blockaid revealed earlier that MailerLite was compromised. 

$3.3 Million Drained in Crypto Phishing Attacks

On Jan 23, cryptocurrency hack investigator ZackXBT posted on X (formerly Twitter) about an ongoing phishing campaign targeted at web3 firms including WalletConnect, De.Fi, Token Terminal, Cointelegraph, etc.

Initially, the bad actors stole $580,000 in digital assets by sending malicious links through emails claiming to have rolled out community airdrops to reward users.

Platforms immediately sent out disclaimers warning the community not to interact with the links promising to resolve issues after carrying out investigations.

The incident sparked a wider conversation about the safety of cryptocurrencies and the use of airdrops to target users on social media spaces as phishing numbers surge.

The flagged wallet address contained about 280 ETH and the total amount drained from users is now estimated at $3.3 million.

An analysis conducted by crypto users and analytics firm Nansen shows $3.3 million inflows to the wallet but revealed that $2.6 million is held up in XBanking tokens leaving the rest at $700,000.

More Articles

Price Analysis
Solana Struggles: Price Down Almost 15% in a Week – Is It Time to Buy?
Arslan Butt
Arslan Butt
2025-02-08 13:22:54
Price Analysis
ETH Price Down 19.1% This Week: Is It Time to Invest?
Arslan Butt
Arslan Butt
2025-02-08 12:39:41
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors