CoinGecko Faces Brief Compromise as Phishing Scam Targets X Account, Warns Users Against Suspicious Links

CoinGecko Phishing scams SEC
Last updated:
Journalist
Journalist
Hassan Shittu
About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
CoinGecko X account hacked
Source: AdobeStock / Sergey Nivens

Cryptocurrency data aggregator CoinGecko experienced a security breach when their account fell victim to a phishing attack.

During a brief period on January 10, a phishing scam link was posted on their X account, falsely informing users of a CoinGecko token airdrop.

The hackers promoted a new cryptocurrency called GCKO in a fraudulent post, claiming it could be used to pay for API services like the cryptocurrency ANKR. The post included a suspicious link to a token airdrop. CoinGecko acted swiftly to remove the post and alert users to avoid interacting with potentially harmful content.

CoinGecko further responded by posting a warning on X, stating that their Twitter accounts, CoinGecko and GeckoTerminal, had been compromised. The company took immediate steps to investigate the situation, secure their accounts, and advise users not to click on any links or engage with suspicious content.

According to CoinGecko, the breach was attributed to a team member inadvertently clicking on a fraudulent Calendly link. This action granted unauthorized access to a hacker, enabling them to post on behalf of CoinGecko.

Despite having two-factor authentication (2FA) enabled and employing robust security measures, CoinGecko said the inadvertent click on the fraudulent link allowed unauthorized access. The compromised accounts were used to disseminate misleading information and potentially engage in malicious activities.

In their official statement, CoinGecko expressed their sincere apologies for any confusion or inconvenience caused by the incident. They emphasized their commitment to the security of their platforms and the continuous improvement of internal controls. The company reassured users that steps were taken to rectify the situation promptly.

Conclusively, CoinGecko urged users not to click on any links or engage with suspicious content during the period of compromise.

U.S. Securities and Exchange Commission (SEC) Twitter Account Hacked in Bitcoin ETF Scam

Moreover, this breach mirrors a similar incident that occurred a day earlier with the U.S. Securities and Exchange Commission’s (SEC) account.On January 9, the SEC Twitter account was compromised, with scammers posting a seemingly genuine message from Chair Gary Gensler stating that the SEC had approved multiple applications for Bitcoin spot exchange-traded funds (ETFs). The post was subsequently deleted.According to the investigation carried out by X Reviews, the breach was not due to any attacks affecting its infrastructure but instead was a result of the lack of two-factor authentication (2FA) tied to the SEC’s account.They further stated that the incident occurred due to “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”However, the SEC has already approved spot Bitcoin ETF applications from ARK 21Shares, Invesco Galaxy, VanEck, WisdomTree, Fidelity, Valkyrie, BlackRock, Grayscale, Bitwise, Hashdex, and Franklin Templeton.There was initial uncertainty regarding the legitimacy of the spot Bitcoin ETF approvals as the SEC website went down shortly after the announcement. The doubt was heightened by the previous hacking of the SEC’s official Twitter account. However, the website quickly came back online, confirming the authenticity of the approval for the spot Bitcoin ETFs.SIM-card swap attacks remain a persistent concern in the Web3 community. These attacks involve imposters posing as legitimate account owners and contacting telecommunications issuers to switch the victim’s phone service to a number they control. This unauthorized access allows attackers to compromise social accounts associated with the targeted phone number.Notably, in September 2023, Ethereum co-founder Vitalik Buterin’s X account was breached in a phishing attack. Scammers took control of Buterin’s account and posted a fake NFT giveaway, leading users to click a malicious link and resulting in collective losses of over $691,000.

More Articles

Blockchain News
Floki Launches Debit Card Supporting Crypto Payments in Europe
Hongji Feng
Hongji Feng
2024-12-09 19:37:48
Bitcoin News
Bitcoin’s Rally Could Hit Pause in 2025, Says Crypto CEO
Sam Cooling
Sam Cooling
2024-12-09 19:23:18
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors