WalletConnect warns users about a phishing attack

WalletConnect is warning its users that there is an ongoing phishing email campaign involving them, aimed at developing a crypto scam. 

Crypto Scam: WalletConnect’s warning to its users about the ongoing email phishing campaign

WalletConnect, the open-source tool that allows a mobile wallet to connect to blockchain-based dApps, is warning its users about an ongoing crypto scam.

“We are aware of an email that appears to have been sent from an email address associated with WalletConnect, inviting recipients to open a link to request an airdrop. We can confirm that this email was not sent directly from WalletConnect or any WalletConnect affiliate, and the link appears to lead to a malicious website. We are collaborating with @blockaid_ to further investigate. As we continue to better understand the situation, we urge anyone who has received this email to not interact with it.”

In practice, it seems that some scammers are posing as WalletConnect, sending phishing emails promoting the launch of a new token.

Within this email, recipients are invited to open a link to request the airdrop, instead entering the malicious website. 

Apparently, however, the same phishing email campaign is involving not only WalletConnect, but also other major Web3 companies, such as Cointelegraph and Token Terminal. 

Crypto Scam: over $580,000 already stolen from phishing emails targeting WalletConnect and other Web3 companies

While WalletConnect seems to be investigating to better understand the situation, Token Terminal also warns its users about the ongoing crypto scam.

“THIS IS NOT REAL. We are investigating and will provide a public follow-up once resolved.”

Not only that, crypto investigator ZachXBT has reported that the stolen funds already amount to over $580,000. 

“Community alert: phishing emails have been sent that appear to come from CoinTelegraph, Wallet Connect, Token Terminal, and DeFi. ~So far, approximately $580,000 has been stolen. 0xe7D13137923142A0424771E1778865b88752B3c7”

Basically, ZachXBT has published the multichain address that has accumulated over $580,000 worth of stolen cryptocurrencies since the phishing emails were delivered. Specifically, the address contains a mix of 280 different cryptos, including 227 ETH. 

Trezor has also published a security notice

A few days ago, the crypto hardware wallet Trezor issued a security warning to its users regarding another phishing email campaign that has affected it.

And indeed, it was January 17, 2024, when Trezor intervened to block a breach in its customer support system, managed by third parties, where only email addresses and user names/nicknames were stolen. 

So no crypto funds stolen, but the crypto hardware wallet specified that scammers may contact the victim users again of the email phishing campaign to obtain their recovery seed phrase. 

Trezor a few days ago, like today WalletConnect, Token Terminal and Cointelegraph, are all urging users to pay the utmost attention to avoid falling into crypto scams.

Source: https://en.cryptonomist.ch/2024/01/23/scam-crypto-walletconnect-warns-users-of-an-ongoing-email-phishing-campaign/