When matched, the company said it found 81 email addresses in the exported mailing list that were not part of the threat actor’s own list.

Phished to a crypto drainer

The phishing emails posed as an announcement claiming that the Ethereum Foundation had teamed up with the Lido decentralized autonomous organization (LidoDAO) to provide a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits. The message assured subscribers that the staking would be “Protected and Verified by The Ethereum Foundation.”

“This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website their wallet would have been drained,” the open-source blockchain platform said in the blog.