Blockchain security platform CertiK recently experienced a phishing attack when an imposter, posing as a Forbes reporter, gained unauthorized access to their X (formerly Twitter) account. This incident highlights the ongoing threat of phishing scams targeting high-profile accounts in the cryptocurrency space.
CertiK details the phishing attack
According to CertiK’s post on X, the phishing attempt began when a verified account, seemingly affiliated with a reputable media outlet, contacted one of CertiK’s employees. Unfortunately, this account had been compromised, leading to the employee falling victim to a phishing scam. As a result, misleading tweets promoting a deceptive Web3 app were posted from CertiK’s official account. The fraudulent messages, which claimed that Uniswap’s router had been compromised, were swiftly detected and deleted by CertiK’s security team.
However, Cyvers, another blockchain security platform, reported having observed the malicious messages before their removal. The tweets urged users to revoke approvals for Uniswap using Revoke.cash, but the provided link led to a fake version of the site designed to steal users’ cryptocurrency. CertiK acted promptly, detecting the malicious messages within seven minutes and initiating a recovery process to revoke the attacker’s access to their X account. The team successfully removed the first of the malicious posts within 14 minutes, concluding their investigation and neutralizing the threat after 37 minutes.
Navigating the ongoing crypto phishing wave
This phishing incident is part of a larger-scale, ongoing attack, as indicated by CertiK. A similar scheme was described by an X user, NFT_Dreww.eth, in a post on December 21. In that case, the attacker, posing as a Forbes reporter, persuaded victims to link their X accounts to the Calendly calendar app for a supposed meeting. However, the provided links directed users to a counterfeit Calendly site with a misspelled URL. By connecting their X accounts to the fake site, victims unwittingly granted permission for the attacker to post on X on their behalf.
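The misspelled Calendly URL here and the fake Revoke.cash link in the CertiK tweets are both lookalike-domain lures. The following Python check is an added example, not code from CertiK or the original article; it flags links whose host imitates a trusted domain. The `TRUSTED` list, the distance threshold of 2, the last-two-labels approximation of the registrable domain and all sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the article names as impersonated; a real deployment uses its own list.
TRUSTED = ("calendly.com", "revoke.cash")

def edit_distance(a, b):
    """Optimal string alignment distance (insert, delete, substitute, transpose)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j - 1] + (ca != cb), prev[j] + 1, cur[j - 1] + 1)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url):
    """Return (verdict, trusted_domain): verdict is trusted, lookalike or unknown."""
    # .hostname drops any userinfo, so "calendly.com@other.example" is judged
    # on other.example, the host the browser would actually contact.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for dom in TRUSTED:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    labels = host.split(".")
    # Assumption: the last two labels approximate the registrable domain
    # (a production check would consult the Public Suffix List).
    base = ".".join(labels[-2:])
    for dom in TRUSTED:
        brand = dom.split(".")[0]
        if edit_distance(base, dom) <= 2:
            return ("lookalike", dom)   # misspelling, e.g. calandly.com
        if any(brand in label for label in labels):
            return ("lookalike", dom)   # brand name placed in another domain
    return ("unknown", None)

# Constructed sample URLs (not taken from the incident):
#   https://calendly.com/reporter/interview      -> trusted
#   https://calandly.com/reporter/interview      -> lookalike of calendly.com
#   https://revoke.cash.approvals-check.example/ -> lookalike of revoke.cash
```

A "lookalike" verdict is a signal to stop and verify through a separate channel before authorizing any app or signing any transaction; "unknown" is not a clean bill of health.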
In response to concerns raised by on-chain investigator ZachXBT, who shared an alleged screenshot of the phishing message used against CertiK, the blockchain security platform encouraged those affected during the Twitter incident to reach out to them. The post did not explicitly address whether reimbursement would be offered to victims who may have suffered losses due to the malicious post.
Phishing attacks targeting high-profile cryptocurrency X accounts have become increasingly prevalent in recent weeks. Notably, Compound Finance’s account fell victim to a phishing attack on December 29, followed by an attack on the account of Polychain Capital’s founder on January 4. These incidents underscore the persistent threat of phishing in the crypto space, emphasizing the need for heightened awareness and security measures within the community.
As the crypto community grapples with evolving threats, users and organizations must remain vigilant against phishing attempts. Robust security practices, including two-factor authentication and scrutiny of incoming communications, are crucial in preventing unauthorized access and potential financial losses.