The Sandbox Warns Users To Remain Vigilant After Security Breach

Table of Contents

• The Sandbox Issues Advisory 
• Details Of The Breach 
• Possible Phishing Attacks 
• Wave Of Phishing Attacks 

The Sandbox, one of the most prominent blockchain-based metaverse companies, has suffered a security breach, with its users being targeted by phishing emails. 

According to a blog post by the platform, the breach happened because an unauthorized third party managed to gain access to one of its employee’s devices. 

The Sandbox Issues Advisory 

Blockchain-based metaverse giant The Sandbox has warned users of a breach due to a malware application. The company warned its users through a blog post, stating that an unauthorized third party had managed to gain access to a computer belonging to one of its employees. Using the information on the laptop, the third party sent out emails falsely claiming to be from The Sandbox. The company stated that it had blocked the employee in question’s account and access to The Sandbox, reset all passwords and reformatted the laptop. The company stated, 

“We have blocked the employee’s accounts and access to The Sandbox, reformatted the employee’s laptop, and reset all related passwords, including requiring two-factor authentication. We have not identified any further impacts.”

The team from The Sandbox stressed that the third party’s access was limited to just one computer. 

“The third party’s access was limited to a single employee’s computer, accessed through a malware application. To the best of our knowledge, the third party was unable to access any other services or accounts of The Sandbox.”

Details Of The Breach 

In its statement, The Sandbox team stated that on the 26th of February, 2023, they became aware of an unauthorized party gaining access to a computer belonging to an employee of The Sandbox. This breach allowed the party to access email addresses, following which it sent out emails that falsely claimed to be from the company. The email, which contained several malware hyperlinks, was called “The Sandbox Game (PURELAND) Access.” 

This allowed the hacker to remotely install malware on a user’s machine, acquiring control over the machine and the user’s personal information. 

Possible Phishing Attacks 

In the wake of the breach, the company warned its users of potential phishing attacks and urged them to avoid clicking on any hyperlink contained in the email or any other suspicious email to prevent any malware from being installed on their machines. The team also warned users to strengthen their passwords and implement two-factor authentication (2FA). Additionally, it advised users to install and run a trusted antivirus program that could identify and remove any malware. The blog post added that if users suspected that their machine was compromised, they should consult an IT professional and reformat their computer. 

However, the company assured users that the breach was limited to only one computer and that no other services or accounts on The Sandbox were breached. All recipients of the malicious email were notified by email, and the compromised machine and passwords of the employee were reset. The team is also actively monitoring the situation and working to enhance security practices and policies. 

“We have not identified any further impacts. However, we are working with our team to monitor the situation and enhance our related security policies and practices.”

Wave Of Phishing Attacks 

The latest attack comes as a wave of phishing attacks has hit the crypto ecosystem. Just days prior, Trezor had warned users of an active phishing attack orchestrated to steal user funds by tricking them into entering the wallet’s recovery phrase on a fake website designed to mimic the wallet provider’s actual website. Once entered, users would have lost access to all their funds stored in the wallet. 

Trezor’s primary rival, Ledger, was at the receiving end of a major data breach in 2020, with the hackers leaking the personal information of over 27,000 ledger customers. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.