A web3 security supplier was misled by a phishing attack on social media that hijacked his account and enabled scammers to share a link to a malignant website, it originated.
Certik warned on Friday through his X (formerly Twitter) account “Certik Alert” that investigated the reports of a compromise on his main account.
“Do not interact with messages until we have confirmed that the account is safe,” She stood at the time.
We are currently investigating a compromise of our X account @Certik
Interaction with no messages until we have confirmed that the account is safe
– Certik Alert (@Certikalert) January 5, 2024
Later it revealed that the account had indeed been endangered and “a tweet with a phishing -link” was published. That link was only 15 minutes up, but it is unclear whether one of the 342,000 followers of the company clicked through it.
Read more about crypto -wamid: approval phishing -wendel tap $ 1 billion in cryptocurrency of victims
The phishing message itself seemed to forfeit Crypto Wallet Management Firm Revoke, with a fake security warning that brought users to a Spoofed Revoke site. This apparently contained crypto-drainer malware designed to transfer digital currency of the bills of victims without their permission.
Revoke forced to publish His own message on Friday morning to warn users of the scam.
The phishing attack that put Certik in danger concerned the legitimate but sleeping report of a Forbes journalist who was hijacked and used to steer the security seller.
“A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it seems that this account was affected, which led to a phishing attack on our employee,” the company noted in are tweet.
“We quickly discovered the infringement and removed the related tweets within a few minutes.”
It is believed that the part of a larger campaign using similar tactics to jeopardize high-profile X accounts.
In these attacks, a hijacked journalist account involves the victim organization and then sends a booby-prisoner of link to ‘plan’ a meeting, so that the attacker can steal the X references of the victim.
“Although it is easy to point your finger after a phishing attack, the reality is that this scams is designed to use human trust and vulnerabilities,” tweeted Certik in one separate post.
“That is why we are committed to build strong security systems and enable users to recognize and avoid these threats. Fighting phishing requires a united front. We encourage those affected during the recent Twitter incident to reach us.”
Crypto-drainer malware is becoming increasingly popular. Last month, researchers from SCAM Sniffer claimed that one variant, Mrs. Drrainer, was responsible for $ 59 million in losses. The same security company recently claimed that wallet drainers had stolen nearly $ 295 million in virtual currency of more than 324,000 victims in 2023.