The Twitter/X account of blockchain safety agency CertiK was hijacked at this time to redirect the corporate’s greater than 343,000 followers to a malicious web site pushing a cryptocurrency pockets drainer.
CertiK’s gold-verified X account was compromised in a social engineering assault by a menace actor utilizing one other hacked account described by the corporate as “related to a widely known media.”
“We’re at present investigating a compromise of our X account @CertiK. Don’t work together with any posts till we’ve confirmed the account is safe,” the corporate warned through its CertiKAlert account.
Crypto fraud sleuth ZachXBT later leaked screenshots of the DMs from the phishing assault, displaying that the attacker used the hacked account of a journalist, dormant since 2020 and with over 1 million followers, to ship the phishing message.
Utilizing this hacked account, the menace actors reached out to Certik about an alleged article they had been doing for Forbes, asking to schedule an interview. Nevertheless, the hyperlink to the scheduling web site was really a phishing web site used to steal the Certik worker’s credentials.
After hijacking CertiK’s account, the attackers posted a phishing message linking to a pockets drainer.
“WARNING: Our workforce has discovered the Uniswap Router contract to be susceptible to a re-entrancy exploit, permitting attackers to maneuver anybody’s tokens if authorized to the Uniswap contract. Use @RevokeCash to be able to revoke any susceptible approvals,” the malicious message stated.
Revoke.money nearly instantly cautioned that CertiK’s X account had been compromised and that the malicious tweet despatched individuals to a pretend Revoke web site.
CertiK says it deleted the malicious tweet quarter-hour after it was posted by the menace actor, including {that a} subsequent investigation discovered this to be a part of a large-scale ongoing social engineering marketing campaign that already led to the compromise of many different accounts.
“Whereas it is simple to level the finger after a phishing assault, the fact is that these scams are designed to use human belief and vulnerabilities,” CertiK stated.
The corporate additionally inspired those that had been affected throughout this incident to succeed in out.
As BleepingComputer reported on Thursday, verified X accounts with ‘gold’ and ‘gray’ checkmarks belonging to authorities and enterprise entities are more and more being hijacked to push cryptocurrency scams and phishing websites directing potential victims to crypto drainers.
As an example, the account of Google subsidiary and cybersecurity firm Mandiant was hijacked on Wednesday despite the fact that it had two-factor authentication (2FA) enabled.
The menace actor impersonated the Phantom crypto pockets and shared a crypto rip-off, main targets to a pretend airdrop web page that emptied their cryptocurrency wallets.
Scammers additionally used the official Twitter account for Bloomberg Crypto to redirect nearly 1 million followers to a malicious web site that stole their Discord credentials.
BleepingComputer reached out to Certik to find out if 2FA was configured on the corporate’s X account however has but to listen to again.
