The Current State Of Crypto Phishing Attacks: CoinGecko’s X Account Just Got Hit

Adekunle Joshua

Key Insights

  • This week alone saw both CoinGecko and the US SEC's Twitter accounts compromised by hackers, highlighting a trend of crypto hacks and scams.
  • Hackers on CoinGecko's account used a fake "Coingecko Token" airdrop to lure victims into clicking a malicious phishing link.
  • For some reason, both CoinGecko and the SEC allegedly lacked two-factor authentication on their accounts.
  • Security firms report that hackers are getting smarter and are now using more sophisticated technologies, especially in 2023 and 2024.
  • The CoinGecko incident adds to a string of high-profile crypto-related hacks in 2024, with more than $120 million down the drain.

This week has been a very eventful one. From Monday until Thursday, we have seen the hacks of not one, but two major Twitter (X) accounts.

Less than a day after the US Securities And Exchange Commission's X account was hacked and used to send out misinformation about a fake ETF approval (that turned out to be true), CoinGecko was also hit.

However, this time, instead of posting misinformation on CoinGecko's page, the hackers posted a phishing link to a fake airdrop.

Fake Airdrop On CoinGecko

On January 10 this week, CoinGecko announced that hackers had gained access to both its X account and terminal.

In detail, the hackers sent out posts that offered a fake "Coingecko Token" airdrop to customers who clicked on an attached phishing link.

CoinGecko quickly regained control of its account and removed the message, but thousands had already seen it.

CoinGecko declared on its page that "we're taking immediate steps to secure our accounts and investigate the situation." Users were also warned not to interact with any suspicious Tweets or click on any suspicious links.

A Long Week Of X Hacks

CoinGecko is not the only entity that has been targeted by hackers on X.

Less than a day earlier on Jan. 9, the US SEC also revealed that its X account had been compromised and that a fake tweet had been sent, claiming that the SEC had authorized several Bitcoin spot exchange-traded funds (ETFs).

What is interesting, though, is that X claims that the SEC's account did not have two-factor authentication (2FA).

This was the same issue with CoinGecko, highlighting the critical levels of Twitter account hacks, especially in January.

Last week, CertiK, one of the leading security firms, was hacked via a social engineering attack on one of its employees by someone pretending to be a reporter from Forbes.

This CertiK hack allowed the hacker(s) to post phishing links on the firm's page, which stayed there for a few minutes before the firm eventually took them down.

As with the issue of the SEC and CoinGecko, the X safety team says that the hack was caused by "an unidentified individual obtaining control over a phone number associated with these accounts through a third party."

The Prevalence Of Crypto Hacks In 2024, Especially

Overall, 2024 has witnessed a spike in phishing attacks and X account hacks especially.

According to blockchain security companies like CertiK, X account hacks and phishing attacks are becoming more and more advanced, luring victims in via social engineering and artificial intelligence.

Overall, the CoinGecko incident adds to the growing list of hacks in 2024, including the $80 million Orbit Chain hack, the second CoinsPaid hack, which drained $7 million this week, the $4.5 million Radiant Capital hack, as well as the $3.4 million Gamma Strategies hack last week.

Overall, 2024 is starting to appear rife with hacks and breaches, with over $120 million stolen at the time of writing.

This shows a growing trend of hacks and scams in 2023, highlighting the need for investors to be vigilant—especially now that crypto market activity is expected to experience an uptick.