A phishing attack was attempted on 2 of KaJ Labs’ employees. An attempt to steal the team’s crypto assets worth $305M was prevented but the attack resulted in a data leak. 

There is no impact whatsoever to KaJ Labs’ systems or the Lithosphere project, nor were any assets ever at risk. 

Details of the incident

A third-party email marketing provider (Sender) that KaJ Labs used until last month, was the subject of a social engineering attack. While the attack occurred on a third party, it has impacted our data and it was ultimately the result of our decision to stop working with this vendor. 

An attacker impersonating a KaJ Labs employee managed to create an account on Sender’s platform and was able to access KaJ Labs’ marketing data such as names, contacts and addresses of several community members and partners. 

The social engineering attack took place on the Sender platform, and involved Sender’s personnel, systems and applications. None of KaJ Labs’ systems, applications, employees, or accounts were compromised. None of the wallets holding LITHO or the project’s assets were compromised.

Fast forward to last week, two KaJ Labs employees began receiving unsolicited emails about a listing offer from Upbit, a Korean crypto exchange (email screenshots). 

The attacker(s) asked our unsuspecting team members to join a telegram group via a link in the email. Once in the group chat (screenshot), the fake Upbit team asked for a payment of 250,000 USDT to this wallet and asked the employee to download a google drive document to submit project info. The scammers went ahead and asked the team for a wallet that’d be used for holding liquidity tokens. A few hours later, a KaJ Labs employee’s wallet received 0.3 ETH and the employee was subsequently prompted to approve a random transaction. We quickly realized what was going on and proceeded to stop the attack. We’re still not sure if both the email vendor’s attack and the attempted crypto theft are connected.  

At KaJ Labs, we have procedures before making any external payments so the request for payment led us to ask for verification and we later found out from the official Upbit team that this was an elaborate scam. 

Our commitment

Regardless of any failures by third parties, we are accountable to our community and partners in all cases and it is necessary that we share details of the security incident which occurred on April 26th.

We believe that we have an obligation to make this disclosure to our community and partners regardless of the negative impact it may have on our business.

What the community can do

It’s important that our community and partners be diligent about confirming all communications and any requests that appear to come from KaJ Labs or Lithosphere. Given the data leak, the community should be on high alert for any spear phishing attempts. Be especially careful about clicking on any email links. 

If you have any questions, please email us at [email protected] . 

Joel Kasr
Chief Scientist and Founder