A phishing scammer, pretending to be a reporter for Forbes, temporarily obtained access to the X (previously Twitter) account of the blockchain security platform CertiK, according to a post published on January 5 by CertiK.
This individual then used the account to post messages advertising a harmful Web3 application. The post stated that a “verified account, associated with a well-known media outlet, contacted one of our employees.”
According to the post, the employee fell victim to a phishing attack, which resulted in “related tweets” being created on the account, and it said that the account had been compromised.
The employee has since removed all the malicious messages. Cyvers, a blockchain security platform, claimed in a January 5 post on X that it had seen the messages before they were deleted.
The messages claimed that the Uniswap router had been hijacked and that users needed to revoke all permits for Uniswap using the Revoke.cash application.
However, the supplied link led users to a phony version of Revoke.cash that attempted to steal cryptocurrency. CertiK claimed to have found the malicious messages within seven minutes of their being posted and promptly initiated the recovery procedure to remove the attacker’s access to its X account.
After fourteen minutes, the team had removed the initial malicious post from the site. The team finished the investigation and eliminated the threat in 37 minutes.
X user NFT_Dreww.eth described a phishing scam in a post on December 21. In that scam, the attacker pretended to be a Forbes reporter and asked victims to connect their X accounts to the Calendly calendar app to schedule a meeting. CertiK claimed that the scam was part of “a large-scale ongoing attack” that was similar to the one described by NFT_Dreww.eth.
The provided URLs did not lead to the official website of Calendly. Instead, the URLs led to a misspelled bogus Calendly website. Once the victim “connected” their X account to the phony site, they unknowingly granted authorization for the attacker to post to X on their behalf.
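The misspelled Calendly site and the phony Revoke.cash link are both lookalike-domain lures, which a link check run before anyone "connects" an account can flag. The sketch below is an added example, not code from the article or from CertiK. The sample URLs are constructed, the allowlist is an assumption, and it ignores homoglyphs and does not use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Official domains of the two services named in the article (assumed allowlist).
OFFICIAL = ("calendly.com", "revoke.cash")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "ek" typed for "ke".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, max_dist=2):
    """Return (verdict, official_domain) for the host in url."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            return ("official", dom)
    for dom in OFFICIAL:
        brand = dom.split(".")[0]
        # Compare the same number of trailing labels as the official domain.
        tail = ".".join(labels[-dom.count(".") - 1:])
        # Near-miss spelling, or the brand name embedded in another domain.
        if osa_distance(tail, dom) <= max_dist or brand in host:
            return ("lookalike", dom)
    return ("unrelated", None)

# Constructed sample links; none are taken from the incident.
SAMPLES = [
    "https://calendly.com/reporter/30min",
    "https://calendlly.com/reporter/30min",
    "https://app.revoek.cash/",
    "https://revoke.cash.permit-check.example/",
    "https://forbes.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

A "lookalike" verdict is a reason to stop and verify the sender through another channel before authorizing any app against the account.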
The victim became aware of the false site. In response to CertiK’s post, the on-chain detective ZachXBT provided a snapshot of the message believed to have been used to phish CertiK. The message was sent by someone impersonating Mark Beech, a former contributor to Forbes and Bloomberg who passed away in 2020.
ZachXBT asked CertiK if victims who were phished as a result of the fraudulent post made to CertiK’s account could receive compensation. CertiK responded with the following statement: “We encourage those affected by the recent Twitter incident to reach out to us.”
Several high-profile crypto X accounts have been compromised as a result of phishing attacks over the past two weeks. Phishing attackers stole account information belonging to Compound Finance on December 29.
The founder of Polychain Capital was also affected, experiencing the breach on January 4th.