Security News > 2024 > January > Web3 security firm CertiK's X account hacked to push crypto drainer

Web3 security firm CertiK's X account hacked to push crypto drainer
2024-01-05 17:20

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer.

CertiK's gold-verified X account was compromised in a social engineering attack by a threat actor using another hacked account described by the company as "Associated with a well-known media."

Crypto fraud sleuth ZachXBT later leaked screenshots of the DMs from the phishing attack, showing that the attacker used the hacked account of a journalist, dormant since 2020 and with over 1 million followers, to send the phishing message.

As BleepingComputer reported on Thursday, verified X accounts with 'gold' and 'grey' checkmarks belonging to government and business entities are increasingly being hijacked to push cryptocurrency scams and phishing sites directing potential victims to crypto drainers.

BleepingComputer reached out to Certik to determine if 2FA was configured on the company's X account but has yet to hear back.

Mandiant's account on X hacked to push cryptocurrency scam.


News URL

https://www.bleepingcomputer.com/news/security/web3-security-firm-certiks-x-account-hacked-to-push-crypto-drainer/