Nobody Is Safe: Blockchain Security Firm, CertiK Falls Victim to Hack by Impersonating Forbes Reporter


Key Insights

  • A hacker posing as a Forbes reporter tricked a CertiK employee into granting access to the company's X (formerly Twitter) account.
  • The attackers promoted a fake Revoke.cash website to steal funds from Uniswap users through a phishing link.
  • CertiK regained control within 37 minutes, demonstrating the importance of timely incident response in cybersecurity.
  • CertiK believes this is part of a larger attack targeting crypto-related Twitter accounts, suggesting a coordinated campaign.
  • The attack shows the increase in social engineering scams in the crypto space, targeting both individuals and companies.

The crypto market is more exposed to hacks and exploits than traditional financial markets.

Security firms continuously release reports detailing these attacks and educating the community about the many methods attackers use to siphon funds.

However, what happens when even a security firm joins the fray and gets hacked?

This is what happened this week, as detailed in the story below.

Blockchain Security Firm Gets Hacked

Blockchain security provider CertiK reported on 5 January 2024 that an attacker posing as a Forbes reporter had gained access to its X (formerly Twitter) account.

The attacker used a compromised (but verified) account linked to Forbes to get in touch with a CertiK employee, asking for a scheduled interview.

By the time CertiK realized that this "Forbes reporter" was fake, the employee had already given the impostor access to the security firm's X account.

But it didn't stop there.

The attacker went further to make several posts on CertiK's account, promoting a fraudulent Web3 app.

The attacker's post claimed that Uniswap's router had been hijacked and advised users to go to renounce.cash to revoke all of Uniswap's permissions. The scammer appended a phishing link that led to a completely fake Revoke.cash website, which asked visitors to connect their wallets.

Any wallet connected to that site would have been exposed to the attackers for draining.

A Swift Response From CertiK and Cyvers

Thankfully, the CertiK team was able to assess and control the situation in time.

In less than 10 minutes, the CertiK team started a recovery procedure to remove the attacker's access to the compromised X account.

The scam timeline

The scam posts were removed seven and fourteen minutes later. In total, CertiK completed its investigation and eliminated the threat within 37 minutes.

CertiK also received support from Cyvers, another blockchain security platform, which said it had detected the posts before they were removed and was the first to notify CertiK of the phishing scam.

Cyvers further advised users not to click the fake Revoke.cash link and to check the URL carefully before connecting their wallets to any Web3 application.
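The URL check Cyvers recommends can be partly automated. As an added example (not code from the article, CertiK or Cyvers), the Python below keeps a short allowlist of sites the user actually trusts and flags addresses that merely resemble one: digit-for-letter swaps, a trusted name reused as a subdomain or with a hyphen, and internationalised (punycode) lookalikes. The allowlist and the sample links are assumptions made up for the example. Only a "trusted" verdict should be treated as safe; an address that is simply not on the list stays "unknown" rather than being waved through.

```python
"""Lookalike check for a Web3 site URL before connecting a wallet.

Added example, not code from the article, CertiK or Cyvers. The allowlist
and the sample URLs below are constructed for illustration.
"""
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist: the only sites this user will ever connect a wallet to.
TRUSTED_HOSTS = {"revoke.cash", "app.uniswap.org"}

# Character sequences that read like another letter in a browser address bar.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s")]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def decode_host(host):
    """Lowercase, decode punycode (xn--) labels and drop a leading www."""
    host = host.lower().rstrip(".")
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold accents, confusable sequences and hyphens so look-alike spellings collide."""
    s = unicodedata.normalize("NFKD", host)
    s = "".join(c for c in s if not unicodedata.combining(c))
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s.replace("-", ".")


def check_url(url):
    """Return (verdict, reason); only 'trusted' means it is safe to connect."""
    host = decode_host(urlsplit(url).hostname or "")
    if not host:
        return "unknown", "URL has no host"
    if host in TRUSTED_HOSTS or any(host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted", host
    if not host.isascii():
        return "lookalike", f"non-ASCII characters in host {host!r}"
    sk = skeleton(host)
    for trusted in sorted(TRUSTED_HOSTS):
        tk = skeleton(trusted)
        brand = tk.split(".")[-2]            # revoke, uniswap
        if tk in sk or brand in sk.split(".") or edit_distance(sk, tk) <= 2:
            return "lookalike", f"{host} resembles {trusted}"
    return "unknown", f"{host} is not on the allowlist"


# Constructed sample links, modelled on the fake Revoke.cash post.
SAMPLE_URLS = [
    "https://revoke.cash/",
    "https://app.uniswap.org/swap",
    "https://rev0ke.cash/",
    "https://revoke-cash.com/",
    "https://revoke.cash.claim-refund.example/",
    "https://" + "révoke.cash".encode("idna").decode("ascii") + "/",
    "https://renounce.cash/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{check_url(u)[0]:9} {u}")
```

The allowlist approach is deliberate: a blocklist of known phishing domains is always a step behind, whereas a wallet that should only ever talk to a handful of sites can treat everything else as a reason to stop and look.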

A Part of a Larger Scale Attack

According to CertiK, the number of compromised crypto-related X accounts has been rising over the last two weeks.

CertiK also says this may be part of a larger, ongoing campaign.

The attackers typically pose as "hotshot" reporters, and ask victims to set up a meeting by connecting their X accounts to the Calendly app.

However, this Calendly app turns out to be a fake: by authorizing it, victims unknowingly grant the fraudster's app permission to post on X on their behalf.
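The step that actually hands over the account is the OAuth consent screen: a real scheduling tool only needs to read who you are, while a fake one asks for permission to post. As an added example (not code from the article or from CertiK), the Python below parses an X OAuth 2.0 authorization URL and flags three things a victim could check before clicking Authorize: whether the page is really X's consent endpoint, whether the requested scopes include tweet.write or another scope that lets the app act as the account, and whether the redirect_uri (where the authorization code, and so the token, is delivered) belongs to the vendor's own domain. X's endpoint path and scope names are as X documents them; the expected vendor host and the sample URLs are constructed for the example.

```python
"""Review an X (Twitter) OAuth 2.0 consent URL before clicking "Authorize".

Added example, not code from the article or from CertiK. The authorize
endpoint and scope names are X's documented OAuth 2.0 values; the expected
vendor hosts and the sample URLs are constructed for illustration.
"""
from urllib.parse import urlsplit, parse_qs

# Hosts that serve X's real OAuth 2.0 consent page.
X_AUTHORIZE_HOSTS = {"twitter.com", "x.com"}
X_AUTHORIZE_PATH = "/i/oauth2/authorize"

# Scopes that let an app act as the account rather than just read it.
# tweet.write is the one that lets a "scheduling app" post the scam.
ACT_AS_USER_SCOPES = {"tweet.write", "dm.write", "like.write", "follows.write",
                      "block.write", "mute.write", "list.write", "offline.access"}


def review_consent(url, expected_redirect_hosts):
    """Return ("ok" | "suspicious", findings) for one consent URL.

    expected_redirect_hosts: domains the vendor (here, the scheduling tool)
    legitimately owns. The authorization code is delivered to redirect_uri,
    so whoever controls that host ends up holding the token.
    """
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    findings = []

    host = (parts.hostname or "").lower()
    if host not in X_AUTHORIZE_HOSTS or parts.path != X_AUTHORIZE_PATH:
        findings.append(f"not X's consent page: {host}{parts.path}")

    scopes = set(params.get("scope", [""])[0].split())
    risky = sorted(scopes & ACT_AS_USER_SCOPES)
    if risky:
        findings.append("app may act on your behalf: " + ", ".join(risky))

    redirect_host = (urlsplit(params.get("redirect_uri", [""])[0]).hostname or "").lower()
    if not any(redirect_host == h or redirect_host.endswith("." + h)
               for h in expected_redirect_hosts):
        findings.append(f"token would be sent to {redirect_host or '(no redirect_uri)'}")

    return ("suspicious" if findings else "ok"), findings


# Constructed consent URLs: a read-only request a scheduling tool would need,
# a request shaped like the fake Calendly app described above, and a consent
# page served from a domain that is not X at all.
LEGIT_URL = ("https://twitter.com/i/oauth2/authorize?response_type=code"
             "&client_id=c1&redirect_uri=https%3A%2F%2Fcalendly.com%2Foauth%2Fcallback"
             "&scope=users.read%20tweet.read&state=s1"
             "&code_challenge=ch&code_challenge_method=S256")
FAKE_URL = ("https://twitter.com/i/oauth2/authorize?response_type=code"
            "&client_id=c2&redirect_uri=https%3A%2F%2Fcalendly-meet.example%2Fcb"
            "&scope=users.read%20tweet.read%20tweet.write%20offline.access&state=s2"
            "&code_challenge=ch&code_challenge_method=S256")
SPOOFED_PAGE_URL = ("https://x-login.example/i/oauth2/authorize?response_type=code"
                    "&client_id=c3&redirect_uri=https%3A%2F%2Fcalendly.com%2Foauth%2Fcallback"
                    "&scope=users.read%20tweet.read&state=s3")

if __name__ == "__main__":
    for name, u in [("legit", LEGIT_URL), ("fake app", FAKE_URL),
                    ("spoofed page", SPOOFED_PAGE_URL)]:
        verdict, findings = review_consent(u, {"calendly.com"})
        print(name, verdict, *findings, sep="\n  ")
```

The same review applies after the fact: the "Connected apps" settings page on X lists every app still holding such a grant, and revoking a fake app there is what removes its ability to keep posting.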

Illustrating this, ZachXBT, one of the best-known blockchain sleuths on X, has also been targeted.

In a recent post, the sleuth shared a screenshot of a similar scam message received from someone pretending to be Mark Beech, a former Bloomberg and Forbes contributor who passed away in 2020.

Scam messages from "Mark Beech"

Past Similar Attacks

The attacks on CertiK and ZachXBT are only the latest in a string of social engineering and phishing attacks over the last two years.

Recall that in September 2023, the X account of Ethereum co-founder Vitalik Buterin was also compromised.

The attackers used Buterin's account to send out posts containing a malicious phishing link.

$691k drained from victims

By the time the dust settled, the attackers had made away with nearly $700,000 in crypto assets, most of which were NFTs.

Another instance was in 2020, when the Twitter accounts of Joe Biden, Barack Obama, Warren Buffett, Bill Gates and even Elon Musk were simultaneously hijacked and used to post phishing links.

A year later, in 2021, a British man was reportedly arrested in Spain in connection with the attacks, according to CNBC.

This followed the earlier arrests of three other individuals, including the suspected "mastermind" of the attack, 17-year-old Graham Ivan Clark.

Clark eventually pleaded guilty to state charges and was given a three-year jail sentence.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.

Voice Of Crypto
voiceofcrypto.online