• An unauthorized third party accessed an employee’s computer and sent a bogus email to The Sandbox platform’s users.
• The email included links that, if clicked, would install malware on the user’s machine.
• The Sandbox has alerted users, reset passwords using two-factor authentication, and is working to strengthen its security rules and processes.
The Sandbox Phishing Alert
The Sandbox, a blockchain-based metaverse startup, has issued an alert regarding a potential security breach. On March 2nd, the company revealed that an unauthorized third party had accessed an employee’s computer and sent a phony email to its platform’s users.
Malware Links in Phishing Email
The phishing email was sent out on February 26th with the title “The Sandbox Game (PURELAND) Access”. It included links that, when clicked, could infect the user’s device with malware, giving the malicious actor administrative privileges and control over the user’s information.
What Did The Attacker Gain?
Fortunately for users of The Sandbox platform, it appears that the attacker gained access only to the emails of those who received the phishing message. The attacker was not able to access any other services or accounts associated with The Sandbox beyond this one employee account.
What Is The Sandbox Doing?
In response to this attempted attack, The Sandbox has already taken precautionary measures: alerting everyone who may have received the fake message, restricting employee accounts and access, and resetting all passwords via two-factor authentication. It is also working to strengthen its security protocols further.
Phishing Attacks Against Cryptocurrency Users
Sadly, this isn’t an isolated case of malicious actors attempting to gain access to cryptocurrency wallets through phishing emails or messages sent out by companies like Namecheap, which registers domain names for websites. In fact, back in February 2022, an individual managed to steal nearly $2 million worth of NFTs from OpenSea customers by convincing them to click on fraudulent links in emails or messages they received from malicious actors pretending to be representatives of OpenSea itself.