The Sandbox has warned its users about email phishing scams in a blog post.
The Sandbox, a blockchain-based metaverse company, has issued a warning about the security breach. The company announced in a blog post on Thursday that an unauthorized third party had accessed an employee’s computer and sent a fake email to the platform’s users.
No Financial Loss
The fake email was titled “Sandbox Game (PURELAND) Access” and contained links that, if clicked, could install malware on the user’s computer. This malware also gave the third party access to personal information by gaining control over the user’s computer. The company stated that only a single employee of the third party has access to their computer and cannot access any other services or accounts of The Sandbox.
The company said the only data the attacker had access to was the email addresses of The Sandbox users. In addition, no financial loss has been reported so far.
Following the breach, The Sandbox warned users to be wary of potential phishing attacks and told targeted users not to open, play or download anything from the “bridged website”. It also recommended that users harden their passwords, enable two-factor authentication apps, and avoid suspicious connections.
The project acted quickly to address the issue, including sending emails to users who may have received the spoofed email, blocking the employee’s accounts and access, and resetting all passwords related to two-factor authentication. The employee’s laptop was also reformatted, and the company says it’s working to improve security policies and practices.
Not long ago, domain registrar Namecheap’s email system was breached, prompting users to upgrade their crypto wallets.
There have also been incidents where hackers managed to steal large sums of money with such phishing email attacks. For example, in February 2022, a malicious hacker tricked OpenSea users into signing a transaction sent via an email link and stole nearly $2 million worth of NFTs.
35161
