CoinGecko and SEC Fall Victim to Cyber Attacks, Prompting Security Alerts
Summary:
The X accounts of the cryptocurrency data aggregator CoinGecko and the U.S. Securities and Exchange Commission (SEC) were briefly compromised in separate cyber incidents. The breaches, attributed to weak security measures such as the lack of two-factor authentication and to SIM-card swap attacks, resulted in fraudsters posting misleading content on the hacked accounts. Immediate actions were taken to secure both accounts and remove the fraudulent posts.
On January 10, the X account and terminal of CoinGecko, a top-rated cryptocurrency data hub, briefly fell under malicious control. "Our immediate action is to launch an investigation and reinforce our account security," stated the CoinGecko technical team, alerting users to avoid "interacting with dubious content or following any links." A fraudulent link promoting a purported airdrop of CoinGecko tokens appeared briefly on the company's X account that day. The false post was swiftly removed.
Just a day earlier, the X account of the U.S. Securities and Exchange Commission (SEC) suffered a similar security breach. Fraudsters posted a convincingly authentic message claiming SEC Chair Gary Gensler had approved several applications for Bitcoin spot exchange-traded funds (ETFs). This false statement was also promptly deleted. As of the publishing date, the SEC has not yet approved any Bitcoin spot ETFs.
In an analysis of the SEC hack aftermath, X clarified that this breach didn't result from any attacks on its systems. Rather, it was a consequence of the SEC's account not having two-factor authentication (2FA) in place. "This breach occurred when an unknown person took control of a phone number tied to the @SECGov account through an intermediary," stated X developers.
Web3 community members continue to face persistent issues with SIM-card swap attacks. In these attacks, scammers impersonate the legitimate account holder and persuade the telecommunication service provider to transfer the victim's phone number to a SIM card under the fraudster's control. This enables the scammer to access the victim's social media accounts tied to that phone number. A similar phishing attack compromised the X account of Ethereum co-founder Vitalik Buterin in September of last year.
Published at: 1/10/2024 10:54:32 PM