Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to the latest official blog post by the Ethereum Foundation, their email account was hacked, and phishing emails were sent to 35,794 recipients. The email falsely claimed that the Foundation was partnering with LidoDAO to offer a 6.8% Ethereum staking yield. If users clicked the link in the email and approved the transaction, their wallets would be drained. The Foundation quickly halted the malicious emails, closed the attack vector, and ensured that the hackers could no longer access the email account. The investigation revealed that the hackers obtained 81 new email addresses during the attack, but no victims lost any funds. Attack method (per SlowMist): Account Compromise. Reported loss: -.
- chain
- ethereum
- protocol
- Ethereum Foundation
- bug_class
- phishing
- date_occurred
- 2024-06-23
- loss_usd
- —
- source_id
- sm:ethereum-foundation::2024-06-23