0
0
Phishing Attempt on Decrypt Media
In the early hours of March 27, hackers posed as Decrypt and sent out an email to our newsletter subscribers, falsely announcing a token airdrop. Once we became aware of this phishing scheme, we promptly issued a warning to our readers regarding the deception.
Regrettably, in our urgency to caution our subscribers and due to a prior phishing incident in January, we wrongly attributed the attack to our email service provider, MailerLite. Upon investigation, it was revealed that the hackers had gained access to our password key through an individual affiliated with Decrypt, absolving MailerLite of any responsibility for the breach.
“Due to security protocols, MailerLite does not retain API keys in their system, rendering it impossible to access them through the admin panel or any user account,” stated a MailerLite representative today. “Although Decrypt Media’s account was impacted during MailerLite’s data breach on January 23, 2024, the culprits were unable to obtain API keys necessary for initiating phishing campaigns on March 27, 2024.”
We extend our sincere apologies to MailerLite for incorrectly implicating them in this incident and acknowledge our error in judgment.
Investigation and Collaborative Measures
Following this breach, we have launched a thorough examination of the events and are collaborating with law enforcement authorities. According to MailerLite’s findings, the phishing campaigns were orchestrated via the MailerLite API, emanating from IP address “69.4.234.86” and utilizing user agent “python-requests/2.31.0”. The perpetrators, after obtaining access to our email list, selectively removed addresses ending in decrypt.co or decryptmedia.com to evade immediate detection by our team, proceeding to disseminate the fraudulent email.
Fortunately, the majority of our readers displayed caution in response to this phishing attempt, with only one individual attempting to link their wallet to the counterfeit address. Nonetheless, even a single instance of such deceitful activity is one too many.
Cryptocurrency scams are distressingly prevalent within our industry, evolving in complexity over time. Decrypt, like numerous other entities in the crypto sphere, has been exploited or misrepresented as a tool for cyber attacks. Perpetrators have even gone to the extent of establishing fraudulent websites, fake Discord servers, and counterfeit social media accounts impersonating our team. It should be noted that Decrypt solely operates through two domains: decrypt.co and decryptmedia.com. Any redirection to alternative domains should be viewed with suspicion.
In light of this incident, we urge vigilance and caution in navigating the digital landscape. Your safety and security are of paramount importance to us, and we remain committed to upholding the integrity of our platform. We appreciate your continued readership and support of Decrypt.
Image/Photo credit: source url
