admits email breach and warns of sophisticated EOS phishing attempt

The company behind the EOS.IO architecture and the EOS token released a statement today warning its community about a phishing scheme that has already fooled several experienced investors in the crypto sphere.

Reddit user “designeey” appealed to the EOS community when he realised that he was one of those who had been taken in. Describing himself as a “crypto enthusiast that’s been in the space since 2012”, he said he had “never imagined” that he “would ever be scammed by a phishing attack.”

The scheme was particularly effective because the email was sent from a company email address. Indeed, it appeared in the same email thread as legitimate correspondence he was having with the company. He only realised there was a problem when he received “another consecutive email from the same address warning me that there had been an attack.”

The phishing email came from “Aaron Liebling” at the email address, and instructed the recipient to go to a website the company had apparently made “in-order to help you.”

Following the link he “stupidly imported my private key to their webapp” as “it was the most official thing I’d seen for registering.” 5,158 EOS were then withdrawn from his wallet, worth around $64,500.

The response

The company has released a statement saying that several members of its community today received an email linking to a “scam website claiming to be able to register EOS Tokens ahead of the end of the EOS Token distribution.”

Most worryingly, “some of these emails came from the Zendesk support system”, which had been “temporarily breached” at the time the message was sent out.

The phishing message has “upcoming June 1st update!” in its subject line and directs recipients to the website, which has been “flagged as a scam by the Ethereum Phishing Detector.”

On hearing of the security breach, the company sent a warning email to its users and shut down Zendesk, its customer support system, pending an investigation into how the breach occurred.

Most concerning for the company and the EOS community is that the email either mimicked or used real email addresses, making the subterfuge much harder for a potential victim to identify. According to the statement, “we believe that the sender had access to certain systems”. Assuming that access, the sender “may have seen emails sent to or from email addresses related to”, including “personal information if it was communicated in an email.”
