The Ethereum Foundation has confirmed a major security breach involving its official email system which is managed through a third-party service provider, SendPulse. Tim Pico, a prominent figure at the Ethereum Foundation, Starch An alert on social media platform X, revealing that the “updates@ethereum.org” mailing list has been hacked. This breach exposed subscribers to phishing attempts designed to mimic official communications from the organization.
The Ethereum Foundation issues urgent scam warning
The hack was initially revealed by Tim Beiko, who posted a warning message on He immediately advised against clicking on any links from emails allegedly sent by the organization. To help identify these phishing attempts, Beiko shared an example of a fraudulent email that promised an innovative staking platform in collaboration with Lido DAO, falsely offering an APY of 6.8% on staked ETH variants such as stETH, wETH, or ETH.
The phishing emails prepared by the attackers were sophisticated in style and presented themselves as a tempting investment opportunity. It mentioned a collaborative effort between the Ethereum Foundation and Lido DAO, known for its staking services, to deliver a staking platform backed by “best-in-class security” and “100+ integrations” aimed at enhancing the staking experience. Offering high returns and leveraging reputable names like Ethereum and Lido DAO, the email aims to trick users into clicking on malicious links that could lead to data theft or installation of malware.
And after this pico Updated Community: “Confirming that we were able to send an update. We should have closed all external access, but we will still confirm that.” This indicates that the organization’s IT team had taken steps to regain control of the compromised account and was in the process of validating the security measures in place to prevent further unauthorized access.
The Ethereum Foundation, in collaboration with SendPulse, is investigating the hack to understand the extent and method of the attack. Preliminary findings indicate that attackers exploited vulnerabilities in the SendPulse security framework to gain unauthorized access to the email list. This incident highlights potential security flaws in the integration of third-party service providers with critical communications systems.
In response to the hack, the Ethereum Foundation issued a patch notice via its official blog and email system, directing users to ignore previous phishing emails and avoid engaging with any suspicious links or attachments. “Important: Update@ethereum.org has been compromised. Ignore previous emails,” the patch email said, with the community clearly instructed on how to avoid potential security risks associated with the breach.
The Ethereum Foundation advised its community members to double-check the authenticity of any communications claiming to be from the Foundation. Users are encouraged to check messages by directly contacting the organization through its official channels or by following updates on the organization’s official social media handles and website.
Furthermore, the community is urged to report any suspicious activities or emails simulating enterprise communications, as this will help limit the spread of phishing attempts and will assist in the ongoing investigation.
At press time, Ethereum was trading at $3,372.
Featured image created with DALL·E, chart from TradingView.com
