CertiK, a blockchain security firm, experienced a X account hijack with over 343,000 followers redirected to a malicious website promoting a cryptocurrency wallet drainer. The compromise resulted from a social engineering attack, where a threat actor used a hacked account associated with a media figure to send phishing messages to CertiK. Pretending to arrange a Forbes interview, the attacker led CertiK to a phishing site, stealing employee credentials. Following the account takeover, the hackers posted a phishing message on CertiK’s account, exploiting a supposed vulnerability in the Uniswap Router and directing users to a fraudulent site.
The attackers’ message warned of a Uniswap Router vulnerability, advising users to utilize @RevokeCash to revoke vulnerable approvals. CertiK deleted the malicious tweet 15 minutes after its posting and identified the incident as part of a broader social engineering campaign affecting numerous accounts. The company emphasized the exploitation of human trust and vulnerabilities in such scams. The hijack of verified X accounts, marked by gold and grey checkmarks, is an increasing trend, with even accounts enabled with two-factor authentication falling prey to cryptocurrency scams and phishing schemes.
This incident follows a pattern of verified X accounts, including those of government and business entities, being targeted for cryptocurrency scams. Other recent examples include the hijacking of Google subsidiary Mandiant’s account, which had two-factor authentication enabled, and the compromise of the official Twitter account for Bloomberg Crypto, redirecting almost 1 million followers to a malicious website stealing Discord credentials. The rise in such attacks underscores the vulnerabilities associated with verified accounts and the need for heightened cybersecurity measures.