Mandiant's X account hacked by crypto Drainer-as-a-Service gang

The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency.
As Mandiant found during a follow-up investigation into the incident, the attacker used a wallet drainer dubbed CLINKSINK. This same drainer has been used since December to steal funds and tokens from users of Solana cryptocurrency as part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared drainer-as-a-service.
The affiliates use drainer scripts to steal cryptocurrency and are expected to give the operators a 20% share of all stolen funds.
They use hijacked X and Discord accounts to share cryptocurrency-themed phishing pages impersonating Phantom, DappRadar, and BONK with fake token airdrop themes.
Targets visiting these malicious pages are asked to link their crypto wallets to claim the token airdrop, allowing the malicious actors to siphon their funds if they authorize a transaction to the drainer service.
The estimated value of assets stolen in these recent attacks totals a minimum of $900,000, according to Mandiant.
Since the start of the year, a massive wave of account breaches has impacted X users, with verified organizations getting hacked to spread cryptocurrency scams and links to wallet drainers.
X also noted that the SEC's account did not have two-factor authentication enabled at the time the account was hacked.
Previously, the Netgear and Hyundai MEA X accounts were also hijacked to promote fake cryptocurrency sites pushing wallet drainers, with the X account of Web3 security firm CertiK getting hacked one week before for the same malicious goal.
Threat actors are increasingly taking over verified government and business X accounts with 'gold' and 'grey' checkmarks to give legitimacy to tweets redirecting users to cryptocurrency scams, phishing sites, and sites spreading crypto drainers.
X users are also under a ceaseless flood of malicious cryptocurrency ads leading to fake airdrops, various scams, and, of course, cryptocurrency and NFT drainers.
As ScamSniffer blockchain threat experts said in December, a single wallet drainer known as 'MS Drainer' was used to steal roughly $59 million worth of cryptocurrency from 63,000 people in an X ad push between March and November.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 10 Jan 2024 22:25:04 +0000

