Nansen phishing emails flood crypto investors’ inbox

Numerous users of the crypto analytics platform Nansen have received phishing emails from scammers pitching an “exclusive opportunity” to participate in the fictitious “Nansen Airdrop.”
On Nov. 23, crypto community members on X (formerly Twitter) flagged an ongoing phishing campaign targeting Nansen users. The scammers are impersonating Nansen and sending fake invitations to an exclusive airdrop event.
Cointelegraph confirmed the hack from crypto investigator Officer’s Notes (Officercia), who initially warned the community about the ongoing attack. He suspects that user data from a previous third-party database leak is being used to target Nansen users.
On Sept 22, one of Nansen’s third-party vendors suffered a security breach, which affected nearly 7% of users in the system. The users affected by the breach reportedly had their email addresses exposed, along with some password hashes, and several had their blockchain addresses compromised. At the time, Nansen claimed it identify and inform those affected and asked all to change their passwords. It also clarified that wallet funds were unaffected by the event.

Nansen phishing email. Source: @offiercia (Twitter)
The screenshot of the Nansen phishing email shared with Cointelegraph shows the sender was “mail@networkforgood.com,” an email address completely unrelated to the original analytics platform.
It said that for the next 48 hours, the user could claim a guaranteed allocated amount of fake $NANSEN tokens. The scammers attached a link to the email, which would redirect users to a potentially rigged website.
Officercia advises reporting suspected phishing links to databases such as chainabuse.com, cryptoscamdb.org and phishtank.org, which helps the internet community reduce the success rates of such attacks.
Nansen has not responded to Cointelegraph’s request for comment.
Even more crypto investors are potential phishing targets after user data from TrueCoin and FTX bankruptcy claims, among others, were leaked recently.
This is just someone scraping our public API that shows the association between public wallet addresses and public Twitter usernames.
It’s like saying someone hacked you by looking at your public Twitter feed.
Irresponsible reporting from @TheBlock_ and @vishal4c https://t.co/GIXOWazqBk
— friend.tech (@friendtech) August 21, 2023
However, Friend.tech recently denied claims that its database of over 100K users was leaked. “It’s like saying someone hacked you by looking at your public Twitter feed,” explained the Friend.tech team, clarifying that the information came from scraping its public API.
Magazine: This is your brain on crypto: Substance abuse grows among crypto traders