Details from the investigation of the January 23 phishing incident which targeted Matcha’s support provider.
We have been investigating a security incident in which the email account of a Matcha Support team member was compromised and used to access contact information for some Matcha users who had corresponded with the support team.
No software, smart contracts, third-party wallets or wallet credentials were compromised, and matcha.xyz remains safe and functional. Regardless, we urge users to be extra vigilant about any emails or messages you may receive in the coming days, especially any that claim to be related to Matcha Support.
Additional information based on our preliminary investigation is included below. We sincerely apologize to all Matcha users. We have already implemented changes to prevent further incidents of this type, and will continue working to take all necessary steps and remediate any consequences for affected Matcha users.
If there is any chance you were affected by this incident, you will have already received an email communication from us containing details of the involved data.
On Monday, January 22, a Matcha Support team member received a malicious link through our third-party support platform, which enabled an attacker to gain unauthorized access to that team member’s email account.
We discovered the breach within 24 hours of the incident and revoked all access privileges for the compromised email account and all associated accounts at third-party platforms. Simultaneously, we began an investigation to determine what data may have been accessed. This investigation revealed that 3,745 email addresses were affected.
On Tuesday, January 23 at 4PM PST, we publicly announced on Twitter that Matcha was investigating a security incident, and warned of potential phishing attacks. This message was echoed in emails to all Matcha email contacts, even those not affected by the breach.
How this might affect you
The compromised data does not in any way compromise the safety of funds contained in your wallet. Matcha does not collect or store data that could be used to sign transactions on your behalf.
User email addresses were the primary information compromised in this incident, so there is a risk of malicious actors targeting those users with sophisticated phishing campaigns. Such phishing may attempt to mislead you or obtain your confidential information, for example by using the following tactics:
- directing you to a fake version of Matcha or another web3 platform, which may appear identical to the official site and use a similar URL
- attempting to trick you into signing a transaction or entering your wallet recovery seed
- asking you for further sensitive details such as your physical address or phone number
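The "similar URL" tactic is easier to recognise once the common shapes are spelled out. The following is an added example, not code from Matcha or from this notice: it classifies a link that claims to be Matcha as official, suspicious or unrelated, covering a lookalike host built from confusable characters (including punycode-encoded Cyrillic), the real domain buried in a subdomain, a one-character typo, and the brand appearing only in the path. It assumes that matcha.xyz is the only legitimate Matcha domain and that a registrable domain is the last two labels (no public-suffix list); the confusable table and the sample links are constructed for illustration.

```python
# Added example (not code from Matcha or this notice): classify a link that
# claims to be Matcha using the lookalike tactics listed above.
# Assumptions: matcha.xyz is the only legitimate Matcha domain, and a
# registrable domain is the last two labels (no public-suffix list).
import unicodedata
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "matcha.xyz"
BRAND = "matcha"

# Constructed, deliberately small table of characters attackers substitute for
# ASCII letters. Two-character entries come first so "rn" folds to "m" intact.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
    ("\u0430", "a"), ("\u0441", "c"), ("\u0435", "e"),   # Cyrillic а с е
    ("\u043e", "o"), ("\u0440", "p"), ("\u0445", "x"),   # Cyrillic о р х
]


def skeleton(text: str) -> str:
    """Fold text to a confusable-insensitive form for comparison."""
    s = unicodedata.normalize("NFKC", text).lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_url(url: str):
    """Return (scheme, decoded hostname, path) for a URL string."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    # Mixed-script hosts travel as punycode (xn--). Decode so the confusable
    # check sees the characters the attacker actually registered.
    if any(label.startswith("xn--") for label in host.split(".")):
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode; fall through with the raw label
    return parts.scheme.lower(), host, parts.path


def classify_url(url: str):
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unrelated'."""
    scheme, host, path = split_url(url)
    if not host:
        return ("unrelated", "no hostname")
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    sld = labels[-2] if len(labels) > 1 else labels[0]
    if registrable == OFFICIAL_DOMAIN:
        if scheme != "https":
            return ("suspicious", "official domain but not https")
        return ("official", host)
    # Tactic: characters that render like the real domain (rnatcha, Cyrillic а).
    if skeleton(registrable) == OFFICIAL_DOMAIN:
        return ("suspicious", f"lookalike of {OFFICIAL_DOMAIN}: {host}")
    # Tactic: real domain buried in a subdomain (matcha.xyz.attacker.example).
    if BRAND in skeleton(".".join(labels[:-2])):
        return ("suspicious", f"brand in subdomain of {registrable}")
    # Tactic: brand plus extra words, or one typo away (matcha-xyz.com, macha.xyz).
    folded = skeleton(sld)
    if BRAND in folded or edit_distance(folded.replace("-", ""), BRAND) <= 1:
        return ("suspicious", f"typosquat of {OFFICIAL_DOMAIN}: {registrable}")
    # Tactic: brand only in the path (attacker.example/matcha.xyz/login).
    if BRAND in skeleton(path):
        return ("suspicious", f"brand in path of {registrable}")
    return ("unrelated", registrable)


# Constructed sample links, including one encoded the way a browser would
# display a Cyrillic-а lookalike host.
PUNYCODE_SAMPLE = "https://" + "m\u0430tcha.xyz".encode("idna").decode("ascii") + "/swap"
SAMPLES = [
    "https://matcha.xyz/",
    "https://app.matcha.xyz/trade",
    "http://matcha.xyz/",
    "https://matcha.xyz.attacker.example/",
    "https://matcha-xyz.com/",
    "https://rnatcha.xyz/",
    "https://macha.xyz/",
    "https://attacker.example/matcha.xyz/login",
    PUNYCODE_SAMPLE,
    "https://example.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = classify_url(link)
        print(f"{verdict:10} {link}  ({reason})")
```

The check is deliberately conservative: anything that merely resembles the brand is flagged for a human to look at rather than silently allowed, which is the right default when a link arrives by email after an incident like this one.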
What you can do to stay safe
Matcha does not hold any data that could grant access to your crypto accounts. However, we advise you to be cautious of any attempts to obtain such information.
In particular, you should be wary of communications that appear to be from legitimate sources, but have unusual aspects such as redirecting you to an unfamiliar website or requesting sensitive information.
It is good practice to enable two-factor authentication on your online accounts and to use a hardware wallet to keep your keys offline. Note that a hardware wallet only protects the key itself: it will still sign whatever you approve on the device, so read each transaction prompt carefully before confirming it.
What we are doing to prevent further incidents
Matcha continues to strive for the highest security standards. In response to this incident, we are:
- Revising security practices for both internal teams and vendors
- Tightening data security at every level
- Shortening data retention windows
- Reinforcing data sanitization measures
- Revising internal security training for internal teams and vendors
We refrain from sharing specifics so as to ensure these changes have the greatest effect.
We appreciate your continued support
Malicious actors are an unfortunate aspect of the internet, and crypto users and Web3 are not immune.
We sincerely apologize for any impact this incident has on you or our broader community, and are making every effort to prevent any such incidents in future. We value our users’ trust above all else and look forward to your continued support going forth.