Blockchain security firm CertiK had its Twitter/X account hijacked, leading to more than 343,000 followers being redirected to a malicious website promoting a cryptocurrency wallet drainer. The account was compromised in a social engineering attack by a threat actor using another hacked account associated with a well-known media company.

Screenshots of the DMs from the phishing attack show that the attacker used a journalist's dormant, hacked account with over 1 million followers to send the phishing message to CertiK. The message claimed to be about an article for Forbes and requested an interview, but the link to schedule the interview was a phishing site used to steal CertiK employee credentials.

After taking control of CertiK’s account, the attackers posted a phishing message linking to a wallet drainer, warning about a vulnerability in the Uniswap Router contract and directing people to a fake Revoke website.

CertiK deleted the malicious tweet 15 minutes after it was posted and stated that it was part of a large-scale ongoing social engineering campaign that had compromised many other accounts. The company emphasized the exploitation of human trust and vulnerabilities in these scams and encouraged those affected to reach out.

The article also highlighted other verified X accounts being hijacked to push cryptocurrency scams and phishing sites, including the accounts of Google subsidiary Mandiant and Bloomberg Crypto. BleepingComputer reached out to CertiK to determine if 2FA was enabled on the company's X account but has not received a response.

Fabio

Full Stack Developer
