In a concerning development for the cryptocurrency community, users of the prominent analytics platform Nansen have been besieged by phishing emails. These deceptive communications, coming from scammers, entice users with a bogus "Nansen Airdrop" opportunity. On November 23, vigilant members of the crypto community, using the X platform (previously known as Twitter), highlighted an active phishing campaign aimed at Nansen's user base. The campaign involves scammers masquerading as Nansen and offering invitations to a non-existent exclusive airdrop event.
The incident was confirmed through investigations by crypto expert Officer's Notes (Officercia), who initially alerted the community to the attack. The suspicion is that the scammers are utilizing data from a previous leak at a third-party database to pinpoint Nansen's users. This breach occurred on September 22 and impacted approximately 7% of Nansen's users, leading to the exposure of email addresses, some password hashes, and in certain cases, blockchain addresses. Nansen, at that time, took steps to address the breach, including urging affected users to change their passwords and reassuring them that their wallet funds remained secure.
A shared screenshot of the phishing email, which originated from "mail@networkforgood.com," a starkly unrelated email address to Nansen, showed the scammers offering fake NANSEN tokens and included a link that likely redirected users to a dangerous website.
Crypto investigator Officercia recommends reporting suspicious phishing links to watchdog sites like chainabuse.com, cryptoscamdb.org, and phishtank.org. These platforms play a crucial role in diminishing the success rates of such fraudulent campaigns.
At the moment, Nansen has not issued a statement regarding this phishing campaign. This incident serves as a reminder of the heightened risk of phishing attacks in the crypto sector, especially following recent data leaks from TrueCoin, FTX bankruptcy claims, and others. Contrarily, Friend.tech has refuted claims of its database comprising over 100,000 users being compromised, explaining that the alleged breach merely involved data scraping from its public API.