CORRECTION: This article has been amended to clarify that the hackers were able to breach our newsletter service via a vulnerability at Decrypt. MailerLite was not at fault, as was originally asserted.
The key Decrypt uses to access its newsletter service to send email updates to its readers was apparently compromised allowing hackers to send a phishing email to all subscribers on Tuesday morning. The scam email claimed to offer access to a $DECRYPT token airdrop. MailerLite, the service we use, was not at fault.
To be clear, there is no such airdrop, the links lead to fake sites, and we urge recipients to delete the message.
As soon as we were able to regain access to our newsletter account, we sent out a message disavowing the scam email.
We are conducting a thorough review of our security practices and will be working with our newsletter provider to determine how our account was compromised and to prevent future malicious attacks. Emails and websites that are meticulously designed to look exactly like official and credible services and sources are an all-too-common vector for scammers in the crypto space—and everywhere.
As a reminder, whether via email, Twitter, Discord, Telegram, or myriad other platforms, scammers are regularly impersonating Decrypt, shilling tokens or promising interviews or news coverage. Please verify every contact, and when in doubt, please don't engage.