According to reports, phishing URLs masquerading as legitimate social media posts were shared from the social media account of CertiK, a crypto auditing organization, in order to steal cryptocurrency from user wallets.
With over 340,000 followers, CertiK’s X (formerly Twitter) account appears to have shared a fraudulent link and encouraged users to utilize it to protect themselves against a cyber crisis.
Bad Guys Penetrate CertiK Defenses
CertiK’s X page carried a phony Revoke Cash link that led visitors to a wallet drainer. In a post that has since been removed, the blockchain security firm’s account notified users of a vulnerability in the Uniswap Router contract that “was allowing attackers to shift anyone’s tokens if approved to the Uniswap contract.”
Revoke Cash’s official X account denied the claim, implying that CertiK’s X page had been hacked.
Based on data from DefiLlama, Uniswap is the biggest decentralized exchange trading platform on Ethereum, with a locked value of around $3.8 billion. The operations of Uniswap remained unaffected by the news.
CertiK said it is currently investigating a breach of its social media account.
We are currently investigating a compromise of our X account @CertiK
Do not interact with any posts until we have confirmed the account is secure
— CertiK Alert (@CertiKAlert) January 5, 2024
The company’s connected security alert account also cautioned users this morning not to interact with any postings from the main account until it is verified as secure, and stated that it is looking into the matter.
It looks like @CertiK’s X account has been compromised and is sharing a link to a fake Revoke website. Uniswap is NOT compromised. pic.twitter.com/G5xw7PQR6n
— Revoke.cash (@RevokeCash) January 5, 2024
Phishing schemes are most often conducted online. In order to get personal and financial information from victims of these scams, dishonest people frequently pose as reputable organizations, banks, or service providers and provide false information to them through phony websites, emails, or social media accounts.
Phishing scammers typically send their victims emails or communications that seem to be from reputable sources. These communications request cash or personal information from the victims. By using phony websites that mimic authentic websites, they are able to obtain sensitive data such as credit card numbers, usernames, and passwords.
Crypto Market Sentinel Falls Prey To Hackers
Ironically, CertiK had been marketing its 2023 hacker security report, which provides data and insights regarding web3 security, only two days earlier. Crypto reporter Wu Blockchain said there was a recent hack on the official CertiK Discord site, which resulted in the replacement of its legitimate Discord with a fake one that promoted phishing links.
The official Twitter account of security auditing company CertiK has been compromised and phishing links are being posted to defraud users of their wallet funds. Not long ago, the Discord on Certik’s official website was also replaced and turned into a fake Discord with phishing… pic.twitter.com/tZYZthxvvc
— Wu Blockchain (@WuBlockchain) January 5, 2024
According to CertiK’s report, 751 security incidents in 2023 resulted in the loss of approximately $1.8 billion in digital assets. Although the sum is still enormous, it is 51% less than the $3.7 billion in losses from hackers and other incidents that occurred in 2022.
CertiK’s analysis also revealed that there were over $686 million in losses during the third quarter of 2023, making it a very vulnerable quarter. Interestingly, private key compromises emerged as the most expensive attack vector, with losses exceeding $880 million in 47 distinct instances this year.
CertiK is a frontrunner among blockchain security companies. Major IT companies like Apple and Samsung have acknowledged the firm’s work, according to its website.