Nearly $580K drained with Cointelegraph, Wallet Connect fake airdrop

Official email addresses of popular cryptocurrency firms have sent phishing links to their audiences through a fake airdrop, stealing almost $580,000 at press time.

News outlet Cointelegraph, data platform Token Terminal, bridge provider Wallet Connect, and software firm De.Fi were among the firms targeted by hackers.

Each company featured different promotions in emails to users. De.Fi was supposedly launching staking options, WalletConnect said it wanted to reward customers, and an airdrop for Cointelegraph’s tenth anniversary was used to disguise the phishing link.

“We hope this email finds you well and thriving in the world of decentralized finance!” wrote hackers imitating WalletConnect. Cointelegraph’s email opens with the same sentence — just without an exclamation mark.

Read more: Hackers target MacOs users through pirated apps that steal crypto

The associated wallet address has received almost $580,000 from unsuspecting victims. Several shared that their crypto was taken in reply to sleuth ZachXBT on X (formerly Twitter), whose post spread awareness of the coordinated hack.

WalletConnect has since launched an investigation into the fake airdrop. “We can confirm that this email was not issued directly from WalletConnect or any WalletConnect affiliates,” it said on X. Other affected crypto companies have issued similar confirmations.

De.Fi stated that hackers may have gained access to its email addresses through third-party email service provider Mailer Lite. “We are already moving our databases to another provider to ensure further safety of our users,” it said.

MailerLite has not posted about its involvement, but experienced a major outage on January 11.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.