Official X Account of Blockchain Security Firm CertiK Compromised – What’s Going On?
The X account (formerly Twitter) of blockchain security company CertiK has been compromised with bad actors posting a phishing link to a wallet drainer.
On Jan 5, it was revealed that CertiK’s X account was a victim of a phishing attack with several calls from the wider community to avoid engaging the links posted during the incident.
The official Twitter account of security auditing company CertiK has been compromised and phishing links are being posted to defraud users of their wallet funds. Not long ago, the Discord on Certik’s official website was also replaced and turned into a fake Discord with phishing… pic.twitter.com/tZYZthxvvc
— Wu Blockchain (@WuBlockchain) January 5, 2024
Blockchain security firm, Wallet Guard flagged the incident noting that the hackers are posting fake masked Revoke Cash links to a wallet drainer with other users adding that engaging with the links could lead to asset losses.
The hackers accessed the X account and posted a Uniswaps router contract with warnings of a re-entrancy exploit asking users to utilize Revoke Cash to “revoke” previous approvals.
“WARNING: Our team has found the Uniswaps router contract to be vulnerable to a re-entrancy exploit, allowing attackers to move anyone’s tokens if approved to the Uniswap’s contact. Use @Revoke Cash in order to revoke any vulnerable approvals.”
Users across social media spaces have criticized the incident based on the fact that a blockchain security firm’s account was compromised and a phishing link shared.
Hike in reported phishing cases
However, in recent times, there have been massive phishing links scams, even involving Ethereum’s co-founder’s account in October 2023. Last year, Vitalik Buterin’s X account was compromised with bad actors using the account to share fake non-fungible token links which led to over $691,000 being stolen.
“Disregard this post, apparently Vitalik has been hacked. He is working on restoring access,” his father wrote in a tweet.
This is not the first time CertiK has been the victim of a social platform compromise as hackers continue to target popular accounts to post phishing links. In December, CertiK’s website posted a Discord link with phishing links belonging to a fake server.
On Jan 4, it was reported that the CEO of Polychain’s X account was hacked in a phishing scam with the team warning users not to engage. At press time, the phishing links have been deleted from the account but it reaches over 41,000 users.
“In celebration of the New Year, We have decided to start the $PCHAIN phase 1 distribution early! What are you waiting for? Get your share before it’s too late! Register below to participate.”
CertiK recently released a new report on cryptocurrency hacks highlighting a drop in 2023 but revealed that over $1.8 billion was lost from 751 security breaches.
Our 2023 Hack3d report is out! Get the most comprehensive statistics and insights into Web3 security here. 🔒👇https://t.co/0bUOyeJqGi
— CertiK (@CertiK) January 3, 2024
According to the release, Q3 2023 witnessed the most losses resulting in over $686 million stolen from 183 incidents followed by November. While the number of scams plunged, the crypto community is still worried about the number of phishing incidents recorded in the past months calling on both users and platforms to be more vigilant.
Blockchain security firm, Scam Sniffer reported that over 295 million was stolen from 320,000 users in the last 12 months.
