Phishing Scam Targets Decrypt Newsletter Subscribers—Stay Informed
Early on the morning of March 27, cyber criminals posing as Decrypt sent out a deceptive email to our valued newsletter subscribers, falsely announcing a token airdrop. As soon as we were alerted to this phishing attempt, we swiftly issued a follow-up email to our readers, warning them of the scam.
During our initial response, we mistakenly attributed the attack to our email service provider, MailerLite. However, upon further investigation, it became clear that the hackers had gained access to our password key from within Decrypt, not through any fault of MailerLite. We sincerely apologize to MailerLite for any unwarranted blame we may have placed on them.
According to MailerLite, they do not store information on API keys, making it impossible to access them through their admin panel or account. Therefore, although Decrypt’s account was affected by a data breach in January, the perpetrators were unable to acquire API keys that would have enabled them to launch phishing campaigns on March 27.
We are currently working with law enforcement to investigate the incident further. MailerLite has informed us that the phishing campaigns were executed via the MailerLite API, originating from the IP address “69.4.234.86” and using the user agent “python-requests/2.31.0.” The attackers specifically removed email addresses ending in decrypt.co or decryptmedia.com to avoid immediate detection by our staff before sending out their fraudulent email.
Fortunately, the majority of our readers have been cautious and skeptical of such phishing attacks. Only one individual attempted to connect their wallet to the bogus address. However, even one instance is cause for concern.
As we mentioned in our previous email, crypto scams are unfortunately rampant in our industry and continually evolving in sophistication. Decrypt, like many other crypto firms, has faced impersonation and other malicious tactics from hackers. These cyber criminals have even gone to the extent of creating fake websites, Discord servers, and social media accounts to impersonate our staff. Please be aware that Decrypt only operates under two domains: decrypt.co and decryptmedia.com. If someone directs you to any other domain, exercise caution and remain vigilant.
We sincerely apologize for any confusion or inconvenience caused by this phishing scam. The security and trust of our subscribers are of utmost importance to us. We will continue to keep you updated as we gather more information about this incident and work towards preventing such attacks in the future.