Beware of airdrops: Tether CEO warns of mailing list breach

The crypto community has been advised by Tether CEO Paolo Ardoino to remain vigilant following the reported compromise of a mailing list management platform that works with crypto companies.

In a post on X (formerly Twitter), Ardoino claimed to have received two separate reports that “a prominent vendor” had been compromised.

The breach was confirmed by CoinGecko’s Bobby Ong, who warned users to be on the lookout for suspicious emails, which may include scams such as “fake token launches.”

In an industry plagued by constant scams, a crypto-specific mailing list can be a lucrative resource for parting unsuspecting users with their tokens.

Last September, a similar air of paranoia swept the community when data analysis platform Nansen was breached, losing email addresses and some users’ (hashed) passwords and blockchain addresses.

PSA: There is an ongoing supply chain email breach attack happening with an email newsletter vendor right now. Several crypto companies may be affected via email blasts of fake token launches. Be careful with email newsletters in the coming days.

We at CoinGecko may be…

— Bobby Ong (@bobbyong) June 5, 2024

Read more: Pink Drainer ‘steps back from the grind’ after stealing $75M from victims

A digital minefield

As well as targeted emails, victims are typically lured in via broader brush approaches, which then serves victims with a ‘wallet drainer’ script. Compromised (or lookalike) accounts on X take advantage of FOMO by imitating genuine projects, promising airdrops or the chance to be ‘early’ to a new token. 

Another approach involves leveraging users’ fear, replying to legitimate posts in the wake of a hack, with malicious links promising to refund victims or secure users wallets from imminent danger.

Just yesterday, a user lost over $2M worth of crypto to a phishing scam. Blockchain investigator ZachXBT, who flagged the loss via his Telegram channel, suspects the victim likely fell for a fake airdrop announcement published by Renzo Protocol’s compromised X account.

Read more: Depeg of $3B restaking token ezETH causes over $60M in DeFi liquidations

Staying safe

Various tools exist for spotting these scams before it’s too late, yet millions of dollars worth of crypto is still lost each month.

Some tools aim to make malicious X accounts more visible, highlighting posts originating from accounts that aim to impersonate a legitimate organization or individual.

Wallet guards, such as BlockAid, are able to simulate the results of a transaction before signing, and can warn users if their funds will be transferred unexpectedly, or to a known malicious actor. However, a high proportion of false positives has led some to criticize the approach, worried it will lead to a ‘boy who cried wolf’ situation.

Last year, in order to combat so-called ‘address poisoning’ scams, popular Ethereum block explorer Etherscan added two new features to its website.

The scam involves fake tokens, or small amounts of genuine tokens, being sent to crypto users from ‘spoofed’ addresses in the hope that the user will mistakenly copy the malicious address while making future transfers.

Update: Zero-value token transfers are now hidden by default

In recent times, 'address poisoning' attacks have phished unsuspecting users and spammed everybody else. With this update you won’t have to see these transfers anymore!

Before ➡️ After pic.twitter.com/F93pWDUJ7a

— Etherscan (@etherscan) April 10, 2023

Read more: Refund of $70M ‘address poisoning’ scam ongoing, over 50% returned

In April, zero-value token transfers were hidden by default. Then, in November, address highlighting was added, in an attempt to make spoofed addresses less effective.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.