Mailer Lite hacker impersonates crypto firms, draining $600,000 with phishing emails

Digital marketing platform Mailer Lite was the victim of a phishing attack that resulted in the loss of over $600,000, according to the web3 security and privacy firm Blockaid. 

The exploiter used a vulnerability in Mailer Lite to mimic web3 firms sending seemingly legit emails that actually contained malicious links to wallet drainer sites, Blockaid explained in a social media thread Tuesday, adding that "attackers took advantage of the fact that Mailer Lite had previously been given permission to send email on behalf of these site’s domains, enabling them to craft emails that seemed to be coming from these organizations."

"Specifically, they used 'dangling dns' records which were created and associated with Mailer Lite (previously used by these companies)," it continued. "After closing their accounts these DNS records remain active, giving attackers the opportunity to claim and impersonate these accounts."

CoinTelegraph, WalletConnect, Token Terminal and De.Fi were among the platforms targeted by the phishing attack, according to the crypto sleuth ZachXBT .