The recent announcement showcased a new partnership offering a 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether ETH deposits. The collaboration aims to enhance staking experiences by providing deep liquidity and competitive rewards through over 100 integrations.
It was highlighted that the staking service would be “protected and verified” by the Ethereum Foundation, with a “Begin Staking” button featured at the bottom of the announcement. However, it was discovered that clicking this button led users to a malicious website called “Staking Launchpad,” which reportedly hosted a crypto-draining program in the background.
An investigation found that the attacker had uploaded a database of email addresses, exposing subscribers to a potential scam email. Although no funds were lost in the attack, the hacker managed to compromise the email addresses of 81 subscribers.
Consequently, the foundation has taken steps to notify wallet providers, blacklists, and DNS provider Cloudflare to warn users of the malicious website redirection. The incident serves as a reminder of the prevalence of phishing schemes in the cryptocurrency industry, emphasizing the need for heightened security measures and vigilance among users.