The Sandbox, a blockchain-based open-world multiplayer game with over 350,000 active monthly users, recently warned its community of a security incident that led to some users receiving fraudulent emails impersonating the game.
The attackers leveraged a hacked employee’s email account to send emails to users, containing links to malware hosted on another site.
The game’s publisher advises users to enable two-factor authentication, avoid clicking on hyperlinks in emails, keep antivirus software updated, and consider formatting their computers if they suspect malware infection.
The Sandbox’s metaverse offers players multiple ways to make money, such as creating pixel art NFTs that can be sold on The Sandbox NFT Marketplace or OpenSea or earning the game’s native “SAND” token that can be traded on Binance and Coinbase.
The breach had limited impact, and the attacker only gained access to the single employee’s computer, not other services or accounts. The extent of the breach’s impact for each user depends on whether or not they clicked on the hyperlinks and installed the malware.
Upon discovering the breach, The Sandbox quickly identified recipients of the malicious email and sent follow-up messages warning them not to open or download anything from the external website.
The compromised account was blocked from The Sandbox network, all employee passwords were reset, and two-factor authentication was enforced on all accounts.
The threat actor now has a list of Sandbox users, and all emails from the game should be inspected to ensure that links only go to the legitimate website located at https://sandbox.game.
This incident highlights the importance of taking proactive measures to protect personal and sensitive information online. Users should always be wary of unsolicited emails, verify the legitimacy of any links before clicking on them, and ensure that their devices and software are up-to-date with the latest security patches.
Enabling two-factor authentication and using strong passwords are also effective measures that users can take to bolster their online security.
