Web3 Security CertiK X Account Compromised in Phishing Scam

On January 5, CertiK, a blockchain security and smart contract auditing firm, fell victim of a cyberattack. This incident happened on the official account of Company X (formerly Twitter), where a phishing link was posted after a bad actor hacked the protocol’s social media profile. CertiK announced that a “verified account associated with well-known media outlets” managed to hack one of their employee’s X accounts, leading to the posting of links to phishing scams. The company quickly addressed the breach, removing the phishing link within 14 minutes, and there were no significant losses from the exploit.​​​​

The phishing attack was initially detected due to a direct message received by the CertiK employee that showed signs of being dangerous. Blockchain Detective ZachXBT highlighted that the account that links to CertiK has not posted since April 2020, indicating that it may have been compromised. In response to the incident, CertiK encouraged those affected by the exploit to contact them, highlighting the challenges in combating phishing attacks that exploit human trust and vulnerabilities.​​​​

This security breach is particularly notable given CertiK’s role in blockchain security. Just a day before the incident, CertiK published its 2023 Hack3D Security Report, which highlighted a 50% drop in crypto losses, marking it as an important milestone in blockchain security. The compromised CertiK account tweeted about a fake vulnerability in the Uniswap V3 smart contract code, directing users to a fraudulent website posing as Revoke.cash. Revoke.cash confirmed that Uniswap was not compromised, but this incident raised questions about CertiK’s own security practices​​​​

The official CertiK Discord site was also hacked, replaced with a fake Discord promoting phishing links. CertiK subsequently regained control of its account and removed the fake tweets. However, the breach highlights the crypto industry’s continued vulnerability to hackers, with stolen funds exceeding $3.8 billion in the past year. CertiK’s investigation into the breach revealed that it was part of an “ongoing large-scale attack” using social engineering through Calendly, a scheduling app.

The recent hacking of the X account of CertiK, a Web3 security firm, to promote cryptocurrency wallet drains highlights a notable irony and concern in the blockchain security landscape. This breach, achieved through social engineering, used a compromised account associated with a known media outlet. The attackers, posing as a journalist, lured a CertiK employee with a phishing link masquerading as a planning site, eventually compromising the company’s account. This incident highlights the sophisticated nature of modern phishing scams that exploit human trust and vulnerabilities, and raises critical questions about the reliability of security measures in blockchain and crypto-related firms.

The use of social engineering in this attack reflects a growing trend in the cyber world where even security-savvy individuals and organizations are vulnerable. This breach is particularly impressive given CertiK’s role in ensuring the security of blockchain technology. The event not only points to the need for increased vigilance and advanced security protocols in the Web3 space, but also serves as a reminder of the relentless and evolving nature of cyber threats in the blockchain ecosystem. The irony of a Web3 security firm falling victim to such an attack underscores the universal susceptibility to sophisticated cyberthreats and underscores the importance of continually improving industry security practices

Image source: Shutterstock

Leave a Comment