Ethereum developer exposes phishing scam using fake StreamYard domain

Ethereum core developer Zak Cole was recently targeted in a phishing scheme, where the attacker disguised a link as an invitation to appear on a ￰1￱ to Zak, the attempt relied on fake domains and a malicious installer to steal crypto credentials and data from his ￰2￱ wrote a 21-post X thread late Monday, starting with how the scam began with a direct message on X inviting him to “Join our podcast!” 2/21 It all started with a Twitter DM to "Join our podcast!" The attacker ( @0xMauriceWang ) posed as someone from@theempirepod. Looked legit after a brief skim so I ￰3￱ came an email from studio@theempirepodcast. com with a @StreamYard ￰4￱ said… ￰5￱ — ￰6￱ (@0xzak) September 15, 2025 The sender, using the handle @0xMauriceWang on the social platform, posed as a representative of Blockwork’s Empire podcast and followed up with an email from what Zak said looked like “a legitimate podcast domain.” Phisher tried to ‘help’ Zak install malicious app According to the Ether core dev, the email included a link displayed as ￰7￱ but was actually hyperlinked to ￰8￱ Cole clicked, the page returned an “error joining” message and instructed him to download a desktop application to ￰9￱ text to Zak Cole.) and ￰0￱ ( @streamyardapp ) as the lure and both are now burned (thanks @_SEAL_Org ). ￰10￱ — ￰11￱ (@0xzak) September 15, 2025 According to crowdsourced security intelligence firm VirusTotal’s findings, the delivery infrastructure they used was lefenari.

com, which hosted payloads through scripted endpoints, and streamyard. org, as a ￰12￱ domains are now disabled, with assistance from cybersecurity firm Security ￰13￱ Bybit now and claim a $50 bonus in minutes