Web3 security firm CertiK's X account hacked to push crypto drainer

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer.
Crypto fraud sleuth ZachXBT later leaked screenshots of the DMs from the phishing attack, showing that the attacker used the hacked account of a journalist, dormant since 2020 and with over 1 million followers, to send the phishing message.
Using this hacked account, the threat actors reached out to CertiK about an article they were purportedly writing for Forbes, asking to schedule an interview.
The link to the scheduling site was actually a phishing site used to steal the CertiK employee's credentials.
After hijacking CertiK's account, the attackers posted a phishing message linking to a wallet drainer.
Cash almost immediately cautioned that CertiK's X account had been compromised and that the malicious tweet sent people to a fake Revoke website.
CertiK says it deleted the malicious tweet 15 minutes after it was posted by the threat actor, adding that a subsequent investigation found this to be part of a large-scale ongoing social engineering campaign that has already led to the compromise of many other accounts.
The company also encouraged those who were affected during this incident to reach out.
As BleepingComputer reported on Thursday, verified X accounts with 'gold' and 'grey' checkmarks belonging to government and business entities are increasingly being hijacked to push cryptocurrency scams and phishing sites directing potential victims to crypto drainers.
The account of Google subsidiary and cybersecurity company Mandiant was hijacked on Wednesday even though it had two-factor authentication enabled.
The threat actor impersonated the Phantom crypto wallet and shared a crypto scam, leading targets to a fake airdrop page that emptied their cryptocurrency wallets.
Scammers also used the official Twitter account for Bloomberg Crypto to redirect almost 1 million followers to a malicious website that stole their Discord credentials.
BleepingComputer reached out to CertiK to determine if 2FA was configured on the company's X account but has yet to hear back.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 05 Jan 2024 17:25:33 +0000

