Leading blockchain based gaming platform, The Sandbox has just issued a warning regarding a security breach specifying that a phishing email has been sent to some users.
Employee Computer Gets Compromised
On March 2, The Sandbox stated that an unauthorized third party gained access an employee’s computer and used it to send fradulent email to its users. The gaming platform noted the misleading email, titled, “The Sandbox Game (PURELAND) Access” contained hyperlinks that could be used to install malwares on the user’s computer granting it control over the machine and giving access to the user’s personal information.
However, on the bright side, Sandbox higlighted that the third party only had access to the single employee’s computer and was unable to access any other services. As soon as the irregularity was detedted, Sandbox proactively took to block the employee’s accounts and access to The Sandbox. The blockchain gaming platform also reformatted the employee’s laptop, and reset all related passwords including requiring two-factor authentication.
The firm urged users “not to open, play, or download anything from the hyperlinked website” recommending users to strengthen their passwords and avoid clicking on suspicious links. The Sandbox added,
“We have not identified any further impacts. However, we are working with our team to monitor the situation and enhance our related security policies and practices.”
Phishing Related Scams Witness a Surge
Phishing attacks are becoming more common and increasingly sophisticated in the cryptocurrency space. Recently, MetaMask, one of the leading crypto wallet providers, issued a warning to investors against ongoing phishing attempts by scammers attempting to contact the platform’s users through NameCheap’s third-party upstream system for emails. The potential phishing emails attempted to steal personal information from the recipients along with their cryptocurrency wallets.
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK— MetaMask 🦊💙 (@MetaMask) February 13, 2023
On February 28, hardware cryptocurrency wallet provider Trezor warned its users regarding a phishing attack targeting their crypto investments by trying to steal their private keys by making them enter the wallet’s recovery phrase on a fake Trezor website.
🚨 Beware of the active phishing scam!
The attackers contact the victims via phone call, SMS and/or email to say that there’s been a security breach or suspicious activity on their Trezor account.
➡️ Please ignore these messages as they are not from Trezor. ⬅️
More info in🧵👇 pic.twitter.com/nzfSzfwcZ1
— Trezor (@Trezor) February 28, 2023
Earlier this month, popular cryptocurrency exchange Coinbase revealed that it experienced a cybersecurity attack that targeted its employees. As part of the attack, several employees were targeted in an “SMS phishing campaign” urging them to sign in to their company accounts to read an important message. The security breach resulted in the exposure of a “limited amount of data” from its directory, including employee names, e-mail addresses, and some phone numbers.
