Security Firm Certik’s Account Hijacked to Spread Crypto Drainer
A Web3 security vendor was tricked by a social media phishing attack which hijacked its account and enabled scammers to share a link to a malicious website, it has emerged.
Certik warned on Friday via its X (formerly Twitter) account “Certik Alert” that it was investigating reports of a compromise on its main account.
“Do not interact with any posts until we have confirmed the account is secure,” it said at the time.
We are currently investigating a compromise of our X account @CertiK
Do not interact with any posts until we have confirmed the account is secure
— CertiK Alert (@CertiKAlert) January 5, 2024
It later revealed that the account had indeed been compromised and “a tweet with a phishing link” was published. That link was up for just 15 minutes, but it’s unclear whether any of the company’s 342,000 followers clicked through.
Read more on crypto scams: Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims
The phishing message itself appeared to spoof crypto wallet management firm Revoke, with a fake security alert taking users to a spoofed Revoke site. This apparently contained crypto-drainer malware designed to transfer digital currency from victims’ accounts without their consent.
Revoke was forced to publish its own post on Friday morning to warn users of the scam.
The phishing attack that compromised Certik involved the legitimate but dormant account of a Forbes journalist that was hijacked and used to message the security vendor.
“A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee,” the firm noted in its tweet.
“We quickly detected the breach and deleted the related tweets within minutes.”
It is believed to be part of a larger campaign using similar tactics to compromise high-profile X accounts.
In these attacks, a hijacked journalist account engages the victim organization and then sends a booby-trapped link to ‘schedule’ a meeting, which enables the attacker to steal the victim’s X credentials.
“While it’s easy to point the finger after a phishing attack, the reality is that these scams are designed to exploit human trust and vulnerabilities,” Certik tweeted in a separate post.
“That is why we are dedicated to build strong security systems and empower users to recognize and avoid these threats. Combatting phishing requires a united front. We encourage those affected during the recent Twitter incident to reach out to us.”
Crypto-drainer malware is becoming increasingly popular. Last month, researchers at Scam Sniffer claimed one variant, MS Drainer, was responsible for $59m in losses. The same security firm recently claimed that wallet drainers had stolen nearly $295m in virtual currency from over 324,000 victims in 2023.