Table of Contents
CertiK’s X Account Falls Victim to Social Platform Hack, Phishing Link Promotes Revoke Cash Scam
On January 5, CertiK, a prominent blockchain security company, reported that its X account, previously known as Twitter, had been compromised in a phishing attack. Bad actors seized control of the account, posting a phishing link that led to a wallet drainer.
A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee.
— CertiK (@CertiK) January 5, 2024
We quickly detected the breach and deleted the related tweets within minutes. Our… pic.twitter.com/aO7GQjXEz2
The incident has raised concerns within the crypto community, as users were cautioned against engaging with the links shared during the compromise.
Wallet Guard Flags Phishing Incident
Blockchain security firm Wallet Guard promptly identified the phishing attack on CertiK’s X account. The attackers posted fraudulent links masquerading as Revoke Cash, enticing users to click and potentially suffer asset losses. The compromise included the posting of a Uniswaps router contract, accompanied by warnings of a re-entrancy exploit. Users were falsely advised to utilize Revoke Cash to “revoke” previous approvals.
Community Criticism for Compromised Security Firm
The compromise of CertiK’s X account has drawn criticism from users across social media platforms. Many expressed concerns about the irony of a blockchain security firm falling victim to a social platform compromise and spreading phishing links. The incident underscores the ongoing challenges faced by security-focused entities in safeguarding their online presence.
Surge in Phishing Incidents
The hacking of CertiK’s X account adds to a recent surge in phishing incidents targeting prominent figures and companies in the cryptocurrency space. Ethereum’s co-founder, Vitalik Buterin, experienced a similar compromise in October 2023, where bad actors utilized his account to share fake non-fungible token links, resulting in a theft of over $691,000.
CertiK’s History of Compromises
This isn’t the first time CertiK has fallen victim to a compromise. In December, the company’s website posted a Discord link containing phishing links belonging to a fake server. The recurrence of such incidents highlights the persistence of hackers targeting reputable accounts associated with the blockchain and cryptocurrency industry.
CEO of Polychain’s X Account Hacked
Coinciding with CertiK’s X Account incident, on January 4, the CEO of Polychain’s X account was also hacked in a phishing scam. The compromised account, with over 41,000 users, posted messages promoting a fake $PCHAIN phase 1 distribution, urging users to register to participate.
CertiK’s Report on Cryptocurrency Hacks
In a recent report, CertiK highlighted a decrease in cryptocurrency hacks in 2023, but losses persisted, surpassing $1.8 billion from 751 security breaches. The third quarter of 2023 recorded the highest losses, with over $686 million stolen from 183 incidents. Despite a decline in overall scam numbers, the crypto community remains vigilant, emphasizing the need for heightened awareness and security measures against phishing attacks.
Our 2023 Hack3d report is out! Get the most comprehensive statistics and insights into Web3 security here. 🔒👇https://t.co/0bUOyeJqGi
— CertiK (@CertiK) January 3, 2024
Growing Concerns and Community Vigilance
Blockchain security firm Scam Sniffer reported that over $295 million was stolen from 320,000 users in the last 12 months, indicating the persistent threat of phishing attacks. The crypto community calls on both users and platforms to remain vigilant in the face of evolving cyber threats, emphasizing the importance of proactive measures to safeguard digital assets.
For any queries or suggestions please leave a comment or contact us here.
Thank you,
