@Sakura please summarize this article, thanks uwu.
TLDR
Ethereum blog was hacked, leading to a phishing email being sent out to over 35,000 users, but no funds were lost.
Key Points
Phishing email sent to 35,794 email addresses from updates@blog.ethereum.org
Malicious link led to a crypto drainer website
Investigation found the attacker imported their own email list and exported 3,759 blog emails
No victims lost funds during this specific campaign
In-depth Summary
On June 23rd, 2024, the Ethereum blog was hacked, leading to a phishing email being sent out to over 35,000 users. The email claimed to be from updates@blog.ethereum.org and contained a malicious link that, if clicked, would have drained the user’s crypto wallet.
The Ethereum security team immediately launched an investigation to understand the attack. They found that the attacker had imported their own email list into the blog’s mailing platform, and then exported 3,759 email addresses from the blog’s list - 81 of which were new to the attacker.
Thankfully, the team was able to quickly shut down the malicious website, notify users, and get the link blacklisted. Their analysis of on-chain transactions showed that no victims actually lost funds during this specific phishing campaign.
The team is continuing to investigate the incident and has taken additional security measures, such as migrating some mail services to other providers, to reduce the risk of this happening again in the future.
ELI5
The Ethereum blog got hacked, and the bad guys sent out an email to a bunch of people with a link that would have stolen their crypto if they clicked it. But the Ethereum team found out what happened really fast, stopped the bad guys, and made sure no one actually lost any money.
Writer’s Main Point
The main point of this article is to inform the Ethereum community about a recent phishing attack on the Ethereum blog, outline the steps taken to investigate and mitigate the incident, and reassure users that no funds were lost.