Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammers use a fabricated breach on major cryptocurrency exchange platforms. The scenario urges users to act swiftly to safeguard their digital assets from potential theft.
The scammers impersonate accounts on X belonging to blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer, to promote fabricated security breaches on Uniswap and Opensea. To impersonate the legitimate accounts, the threat actors created new X accounts with similar account names.
Many legitimate X users fell for the trick and shared the scam on their accounts, some with hundreds of thousands of followers, without double-checking the validity of the claims. One example is a tweet from malware analysis platform vx-underground, whose admins wrongly assumed the information came from a trustworthy account.
The scale of the campaign is also notable, with bot accounts promoting hashtags like #UniswapExploit to the point that they reached the top trending topics in the U.S. on X.
ZachXBT, one of the accounts impersonated in this scam, told BleepingComputer that the first time he saw this threat group utilizing this tactic was on November 9th. This was when Hayden Adams, the developer of Uniswap's web application interface, warned the cryptocurrency community of the scam, clarifying that there was no Uniswap exploit leveraged in the wild and that tweets about this came from fake X accounts impersonating ZachXBT, CertiK, and other well-known users in the cryptocurrency community.
The scam posts advise users to revoke the permissions as soon as possible to prevent losing their assets by following a link to a malicious website at 'revoketokens[. Once visitors click on the 'Revoke Approvals' button and connect their wallet, the scam drains their funds, which is a non-reversible process.
After publication of this article, ZachXBT says that the threat actors have successfully stolen over $305k in cryptocurrency as part of this ongoing scam.
Impersonating the 'good guys' is a powerful deception trick capable of increasing the success rate of the scam. In July 2022, phishing actors were seen impersonating cybersecurity companies to gain initial access to corporate networks. In June 2023, hackers created fake accounts on GitHub that impersonated existing cybersecurity researchers, even linking to fake X accounts for added legitimacy.
There's no precaution more effective than double-checking that an account is authentic and that its claims accurately represent the truth. Because even legitimate accounts can be compromised to propagate scams, users should verify the claims from official sources. If you're overly worried about the likelihood of losing your digital assets to hacks and breaches, consider moving them to a cold wallet.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000