The Sandbox discloses security breach

The blockchain metaverse company said an unauthorized third party had gained access to an employee's computer and exploited the data found on it to launch phishing attacks.

The Sandbox is an Ethereum-based metaverse company, or, as it puts it, “a decentralized, community-driven gaming ecosystem where creators can share and monetize voxel [3D graphics] assets and gaming experiences.”

The Sandbox said a threat actor accessed a number of email addresses and then sent phishing emails impersonating the company to those addresses. The phishing email included a hyperlink to malware “that may have the ability to remotely install malware on a user’s computer granting it control over the machine and access to the user’s personal information.”

According to The Sandbox, third-party access was limited to a single employee’s computer.

“If the recipient [of the phishing email] clicked on a hyperlink in the email and malware was installed on their computer, other personal information stored on the machine may be accessible,” The Sandbox said.

The company reached out to all the email recipients with instructions on what to do next. It also blocked the employee’s accounts and access to The Sandbox, reformatted the employee’s laptop, and reset all related passwords, including requiring two-factor authentication.

“We have not identified any further impacts. However, we are working with our team to monitor the situation and enhance our related security policies and practices,” it added.

