Metaverse firm The Sandbox, which operates on the blockchain, has issued a security alert. On Thursday, the firm said in a blog post that a hacker had gained access to an employee’s computer and had sent out phishing emails to the platform’s users.
The fraudulent email was titled “The Sandbox Game (PURELAND) Access,” sent on Feb. 26. and contained links that could install malware on a user’s computer if clicked on. By installing this malware, a third party might take complete control of a user’s computer and access all of their data. Company officials have said that the hacker got access to only one employee’s computer and no other The Sandbox accounts or services.
Depth of the attack
According to the firm, the attacker only gained access to the email addresses of those who utilize The Sandbox. No monetary damage has been reported as of yet.
After the hack, The Sandbox issued a warning to users to be on guard for phishing attempts by advising them “not to access, play, or download anything from the hyperlinked website.” Users were also urged to change their passwords, utilize two-factor authentication, and refrain from visiting dubious websites.
Large quantities of money have been stolen through similar phishing email campaigns in the past. In February 2022, for instance, a malicious actor stole nearly $2 million worth of NFTs from OpenSea customers by convincing them to sign a rogue transaction provided by email link.
All linked passwords have been reset using two-factor authentication, and the project has emailed users who may have received the bogus email to let them know what happened. The company also stated that it was striving to enhance its security policies and processes and that the employee’s laptop had been reset.
This hack is the most recent in a long line of phishing emails designed to steal cryptocurrency or user data. Recently, a huge bogus phishing effort advised customers to upgrade their crypto wallets after hackers broke into the email system of domain name registrar Namecheap.