Blockchain-based metaverse company – The Sandbox – has warned its users about a security breach through a malware application.
According to the official blog post, an unauthorized third party managed to gain access to the computer of one of its employees and used the information it found to send an email falsely claiming to be from The Sandbox. Its statement read:
“We have blocked the employee’s accounts and access to The Sandbox, reformatted the employee’s laptop, and reset all related passwords including requiring two-factor authentication. We have not identified any further impacts.”
The Sandbox explained that the security breach, which was first identified on February 26, enabled the third party to access several email addresses to which it then sent a message falsely claiming to be from the company.
The email in question, which was loaded with malware hyperlinks, was titled “The Sandbox Game (PURELAND) Access.” This allowed the exploiter to remotely install malware on a user’s computer, granting it control over the machine as well as access to the user’s personal information.
The company warned against possible phishing attacks and urged them to avoid clicking on a hyperlink in the phishing email or any other suspicious links to prevent malware from being installed on their computers. It also recommended users strengthen their passwords and implement two-factor authentication,
The Sandbox, however, clarified that the third party’s access was limited to a single employee’s computer, accessed through a malware application. No other services or accounts of The Sandbox were breached.
So far, all recipients were notified by email, and the compromised passwords on the employee’s account were reset. The team is currently monitoring the situation and working on enhancing related security policies and practices.
Rampant Phishing Attacks
The latest development comes days after Trezor warned its users about an active phishing attack to steal funds by making them enter the wallet’s recovery phrase on a fake website resembling that of the hardware cryptocurrency wallet provider.
Its rival, Ledger, suffered a massive data breach in 2020. The perpetrators publicly leaked the personal information of over 270,000 customers.