A phishing attack orchestrated through the exploitation of a vulnerability in the digital marketing platform Mailer Lite has resulted in a substantial loss of over $600,000, according to findings by web3 security and privacy firm Blockaid. The attacker capitalized on the vulnerability to craft seemingly legitimate emails, mimicking renowned web3 firms such as CoinTelegraph, WalletConnect, Token Terminal, and De.Fi. These deceptive emails contained malicious links leading to wallet-draining sites. Blockaid highlighted that the attackers leveraged Mailer Lite’s permission to send emails on behalf of the targeted organizations, using lingering “dangling dns” records associated with Mailer Lite even after account closures.
The specific technique employed involved the creation of “dangling dns” records previously used by the affected companies but left active after closing their accounts. This allowed the attackers to claim and impersonate these accounts, leading to a successful phishing campaign.
The vulnerability in Mailer Lite not only facilitated the imitation of legitimate communications but also enabled the inclusion of malicious links that contributed to the financial losses. The exploited digital marketing platform became an unwitting tool in the hands of the attackers, emphasizing the significance of securing such platforms to prevent unauthorized access and abuse. The incident underscores the evolving tactics used by threat actors to compromise and exploit vulnerabilities in widely used platforms for financial gain.
