Block.one admits email breach and warns of sophisticated EOS phishing attempt
Block.one, the company behind the EOS.IO architecture and the EOS token, released a statement today warning its community about a phishing scheme which has already fooled several experienced investors in the crypto sphere.
Reddit user “designeey” appealed to the EOS community when he realised that he was one of those who had been taken in. Describing himself as a “crypto enthusiast that’s been in the space since 2012” he said he had “never imagined” that he “would ever be scammed by a phishing attack.”
The scheme was particularly effective as the email was sent from a Block.one email address. Indeed, it appeared in the same email thread as a legitimate correspondence he was having with the company. He only realised there was a problem when he received “another consecutive email from the same address warning me that there had been an attack.”
The phishing email came from “Aaron Liebling” at the firstname.lastname@example.org email address, and instructed the recipient to go to a website the company had apparently made “in-order to help you.”
Following the link he “stupidly imported my private key to their webapp” as “it was the most official thing I’d seen for registering.” 5,158 EOS were then withdrawn from his wallet, worth around $64,500.
The Block.one response
Block.one have released a statement saying that several of their community today received an email linking to a “scam website claiming to be able to register EOS Tokens ahead of the end of the EOS Token distribution.”
Most worryingly, “some of these emails came from the Block.one Zendesk support system”, which had been “temporarily breached” at the time the message was sent out.
The phishing message has in its subject line, “upcoming June 1st update!” and directs recipients to the website eoslaunch.io, which has been “flagged as a scam by the Ethereum Phishing Detector.”
On hearing of the security breach Block.one sent a warning email to its users and shut down Zendesk, its customer support system, pending an investigation on how the breach occurred.
Most concerning for Block.one and the EOS community is that the email either mimicked or used real Block.one email addresses, making the subterfuge much harder for a potential victim to identify. According to the statement, “we believe that the sender had access to certain Block.one systems”. Assuming that access, the sender “may have seen emails sent to or from email addresses related to Block.one”, including “personal information if it was communicated in an email.”
Image From Shutterstock