CertiK's X Account Compromised in Phishing Scam Resembling Larger Ongoing Attack
Summary:
The blockchain security platform CertiK fell prey to a phishing scam when a hacker, posing as a Forbes reporter, gained access to its X (formerly Twitter) account and published deceptive messages promoting a malicious Web3 app. The breach, quickly remediated, involved misleading links to a site posing as Revoke.cash, a ploy to steal users' cryptocurrency. The method mirrored a broader ongoing attack, similar to a phishing scheme previously described on X. The event follows recent phishing attacks on several high-profile crypto X accounts, demonstrating a concerning trend.
The blockchain security firm CertiK experienced a cyber attack when an impostor, claiming to be a Forbes journalist, briefly gained control of its X (formerly Twitter) account, as stated in a Jan. 5 post by CertiK. It appears that the scammer took over a verified account which contacted one of our staff members. Regrettably, it showed that the account was hijacked, resulting in a phishing ploy on our team member. The security breach was immediately detected, leading to the removal of related tweets in just a matter of minutes.
The post further clarified that a 'verified account, associated with a well-known media outlet, had contacted one of their employees'. This account was ultimately discovered to be under fraudulent control, leading to an employee being phished and deceptive tweets being posted to the platform. They have since been deleted. On Jan. 5, the blockchain security platform Cyvers said it had spotted these tweets before deletion. It reported that the tweets hinted at a compromise of Uniswap's router and urged users to revoke all approvals for Uniswap using Revoke.cash. The tweets pointed to a counterfeit version of Revoke.cash, created to dupe users into losing their cryptocurrency.
CertiK stated that it identified the fraudulent tweets within seven minutes of posting and initiated an immediate recovery process to eliminate the hacker's access to its X profile. In just 14 minutes, it was able to erase the initial misleading messages and subsequently, after 37 minutes, concluded its investigation with the imminent threat neutralized. According to CertiK, this scam mirrors a broader active attack, similar to what was mentioned by X user NFT_Dreww.eth in his Dec. 21 post. He had pointed out a similar phishing scam, in which the hacker claimed to be a Forbes reporter asking for meetings via the Calendly calendar app linked to X accounts. However, the links redirected to a bogus Calendly site featuring a misspelled URL. Once the victim 'connected' their X account to the fake site, they unintentionally gave the hacker permission to post to X on their account's behalf. CertiK described this trickery as reflective of a larger ongoing attack.
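The misspelled Calendly URL and the fake Revoke.cash site both rely on a hostname that looks like a trusted one at a glance. As an added example (not code from CertiK or any party named in the article), the check below flags links in a message whose hostname imitates a trusted domain; the sample message and its misspelled hostname are constructed for illustration, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Services named in the article; extend with the domains your team really uses.
TRUSTED = ("calendly.com", "revoke.cash")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for one link."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL
        return "unknown"
    if not host:
        return "unknown"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Assumption: the registrable domain is the last two labels (no public suffix list).
    registrable = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        # Trusted name embedded in a foreign host, e.g. revoke.cash.something.example
        if good in host or good.replace(".", "-") in host:
            return f"lookalike:{good}"
        # Misspelling: a few edits away from the trusted domain
        if edit_distance(registrable, good) <= max_distance:
            return f"lookalike:{good}"
    return "unknown"

def flag_links(message: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for each link in a message that imitates a trusted domain."""
    urls = re.findall(r"https?://[^\s<>\"']+", message)
    return [(u, v) for u in urls if (v := classify(u)).startswith("lookalike:")]

# Constructed sample DM, not taken from the incident.
SAMPLE_DM = ("Hi, I'm writing a piece for Forbes. Could you pick a slot here: "
             "https://calenldy.com/interview-30min (terms: https://calendly.com/legal )")
```

A hostname check does not undo access already granted: once an account has been 'connected' to a fake site, the app's permission to post has to be revoked in the account's connected-apps settings.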
ZachXBT, an on-chain detective, responded to CertiK's post, arguing that the phishing message sent to CertiK came from an individual masquerading as Mark Beech, a former Forbes and Bloomberg writer who passed away in 2020. In his post, ZachXBT asked CertiK to reimburse victims of the phishing scam carried out via its account. In return, CertiK asked parties affected by the recent Twitter incident to come forward and get in touch.
Many high-profile crypto X profiles have fallen victim to similar phishing attacks recently. For instance, on Dec. 29 last year, Compound Finance's X account fell prey, followed by an attack on Polychain Capital's founder on Jan. 4.
Published At
1/5/2024 11:43:55 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.