Blog.ethereum.org Mailing List Incident

53 points by mike-cardwell 1 year ago | 31 comments
  • throw156754228 1 year ago
    >Our internal security team immediately launched an investigation to help determine what the aim of the attack was,

    To steal people's crypto?

    • nubinetwork 1 year ago
      Could be worse, I just got an email saying I'm eligible for $100 worth of some ethereum altcoin because I'm a Github user. Only problem is that I have to install some app and let them hijack my Github account if I want them... of course I'm not going to be entertaining that scam.
      • noch 1 year ago
        [flagged]
        • nubinetwork 1 year ago
          > Unfortunately, many contributors are leaving thousands of dollars unclaimed because they think they are being scammed.

          > Starkware airdrop

          I didn't want to name names, but if they wanted to give me money, their email shouldn't have set off Gmail's spam filter... they could have also converted their scamcoin themselves and donated to my patreon. /shrug

          • acheong08 1 year ago
            I really don’t understand why they do such airdrops. I got $300 from Starknet for doing nothing and immediately sold it. From what I understand, their community is pretty pissed that some randos got more money than they did despite actually engaging in the community and I tend to agree. Also, the fact they can just print money like this confuses me.
            • nradov 1 year ago
              There's no such thing as a "legitimate" airdrop. They're all scams. Sometimes the scam targets aren't the airdrop recipients though; those may be just a preliminary step to establish a measure of credibility as part of a long con.
        • chrisandchris 1 year ago
          I'm mostly surprised by the number of subscribers

          > The threat actor exported the blog mailing list email addresses, which was a total of 3759 email addresses.

          3700 addresses doesn't seem like that much at all.

          • throwaway211 1 year ago
            Ethereum might be a load of gas. NFTs are after all just a few hundred NFT influencers reinventing themselves and their pseudonyms for their audience of wannabes.
            • PretzelPirate 1 year ago
              I've been an Ethereum user since it first launched and I've never been on the mailing list. I suspect that's the case for most of the community. I've never felt like I've missed out on information from not being on it.
              • yieldcrv 1 year ago
                I tried to write the same thing but apparently it's controversial

                My best guess is that people need to feel validated that crypto is smaller than its airtime, and that they didn't waste the last decade of their life in an echo chamber of things that went wrong in the space at the exclusion of the things working fine

              • _carbyau_ 1 year ago
                For the type of attack deployed it was a target rich list though!
                • yieldcrv 1 year ago
                  Several things at play here:

                  A) no crypto enthusiast or speculator needs to be subscribed to the ethereum foundation’s blog since 2014, which was 10 years ago for reference. But even then forums and twitter worked well enough for resyndicating news.

                  B) It's more likely they pruned the mailing list multiple times after every bull cycle, asking people if they still wanted to be subscribed to reduce complaints and bounce rates. Crypto bear markets are deep doldrums.

                • acjohnson55 1 year ago
                  It doesn't seem to say how the mailing list was hacked and why we shouldn't be concerned about their overall security practices.
                  • ChilledTonic 1 year ago
                    Off the cuff thought, but I wonder if the early days of modern banking were marred with such blatant fraud and deceit.

                    I think of stage coach robberies of US bonds, and the various bank “rug-pulls” (to use crypto fraud nomenclature) that occurred before the Coinage act of 1857 - but it’s such distant history it’s hard to find how people felt about it at the time.

                    What I’m getting at is this - is crypto fraud innate to its very essence, or did all “advancements” in banking technology have the same problem before everyone settled in and “got used” to attempts at fraud?

                    • shrubble 1 year ago
                      Even in ancient Sumeria where they used sealed clay jars (an early form of baking if you think about it), they have found examples where the stated contents on the writing outside and what was found inside were not the same....
                      • throwaway211 1 year ago
                        Yes. Banks, especially trust, transaction banking, bills, discounting, came about in no small part as fraud avoidance.
                        • yieldcrv 1 year ago
                          The rug pulls continued well into and past the 1930s, when bankers thought it would be funny to make an insurance pool out of tax payer money, thereby increasing deposits and business. It worked. Nothing fundamentally prevents it from happening again, state sponsored deposit insurance has expanded to more asset classes and deposit types several times. Deposit insurance is just a confidence game.
                        • bakerpearl 1 year ago
                          [dead]
                          • titanlon 1 year ago
                            [flagged]
                            • Simon_ORourke 1 year ago
                              What I take from reading this, is that only 35k folks are interested in Ethereum.
                              • can16358p 1 year ago
                                Or, many tech-savvy folks are living beyond the email era: as someone enthusiastic about Ethereum and technology in general I never use emails or subscriptions and get my news simply by other means.