This week has been a very eventful one. From Monday until Thursday, we have seen the hacks of not one, but two major Twitter (X) accounts:
Less than a day after the US Securities and Exchange Commission's X account was hacked and used to send out misinformation about a fake ETF approval (that turned out to be true), CoinGecko was also hit.
However, this time, instead of posting misinformation on CoinGecko's page, the hackers posted a phishing link to a fake airdrop.
On January 10 this week, CoinGecko announced that hackers had gained access to both its X account and terminal.
Specifically, the CoinGecko hackers sent out posts that offered a fake "Coingecko Token" airdrop to customers who clicked on an attached phishing link.
CoinGecko quickly regained control of its account and removed the message, but thousands had already seen it.
CoinGecko declared on its page that "we're taking immediate steps to secure our accounts and investigate the situation." Users were also warned not to interact with any suspicious Tweets or click on any suspicious links.
CoinGecko is not the only entity that has been targeted by hackers on X.
Less than a day earlier on Jan. 9, the US SEC also revealed that its X account had been compromised and that a fake tweet had been sent, claiming that the SEC had authorized several Bitcoin spot exchange-traded funds (ETFs).
What is interesting, though, is that X claims the SEC's account did not have two-factor authentication (2FA) enabled.
The same issue applied to CoinGecko, highlighting the critical level of Twitter account hacks, especially in January.
Last week, CertiK, one of the leading security firms, was hacked via a social engineering attack on one of its employees by someone pretending to be a reporter from Forbes.
This CertiK hack allowed the hacker(s) to post phishing links on the firm's page, which stayed there for a few minutes before the firm eventually took them down.
As with the issue of the SEC and CoinGecko, the X safety team says that the hack was caused by "an unidentified individual obtaining control over a phone number associated with these accounts through a third party."
So far, 2024 has witnessed a spike in phishing attacks, and in X account hacks especially.
According to blockchain security companies like CertiK, X account hacks and phishing attacks are becoming more and more advanced, luring victims in via social engineering and artificial intelligence.
The CoinGecko incident adds to the growing list of hacks in 2024, including the $80 million Orbit Chain hack, the second CoinsPaid hack this week that drained $7 million, the $4.5 million Radiant Capital hack, as well as the $3.4 million Gamma Strategies hack last week.
Overall, 2024 is starting to appear rife with hacks and breaches, with over $120 million stolen at the time of writing.
This shows a growing trend of hacks and scams in 2023, highlighting the need for investors to be vigilant—especially now that crypto market activity is expected to experience an uptick.