Major crypto email vendor comprised

Crypto users have received warnings to remain vigilant due to ongoing supply chain attacks targeting the digital asset industry through email newsletters.

Tether CEO Paolo Ardoino alerted users to a compromised email vendor utilized by several digital asset service providers. The vendor’s identity was not disclosed and investigations into the matter remain ongoing. 

CoinGecko co-founder and COO Bobby Ong confirmed the same breach occurred. Ardoino and Ong warned that a flurry of phishing email scams promoting malicious airdrop distribution or token launches might soon target users.

“There is no CoinGecko token being planned, so don’t be duped by the phishing emails,” Ong said on X. A few users on social media also reported shady messages from providers like Binance. Also, crypto.news confirmed that crypto exchange Bitfinex was among the affected companies. 

Crypto phishing issue not novel

Like other digital space participants, digital asset users have dealt with continuous attacks from bad actors attempting to gain access and pilfer funds. A similar case occurred in January when several company emails, including those of Cointelegraph, Trezor, Token Terminal, WalletConnect, and others, were hijacked. 

Nansen customers reported phishing emails last November after a third-party vendor leak. In early 2023, scammers hacked domain registrar Namecheap and bombarded MetaMask users with malicious emails. 

Experts and security veterans have also called on platforms like Google to tighten their systems against bad actors who prey on users and unsuspecting victims.