On January 17, a hacker compromised the Ethereum staking protocol Rocket Pool’s X account.
The hacker urged users to move their assets by clicking on a fraudulent link. Posting from the hijacked Rocket Pool account, the attacker published a message describing smart contract flaws that the team had purportedly found. To prevent losses, the message instructed users to click on a link and move their assets to a version 2 contract.
The Rocket Pool team acknowledged the incident on Discord and advised users not to interact with any links the account had posted until further notice. At the time of publishing, no information was available regarding potential losses or cryptocurrency theft.
The same tactic has already been used in several hacks this year, including attacks on companies such as CoinGecko. On January 10, the Bitcoin price aggregator disclosed that its X account had been compromised.
On January 9, hackers also gained access to the US Securities and Exchange Commission (SEC) account and posted a fictitious notice announcing the approval of a Bitcoin ETF. SEC Chairman Gary Gensler stated that no new breaches had been found, but senators insisted on more information.
Additionally, the FBI is reportedly looking into the SEC hack. Olaf Carlson-Wee, the CEO of Polychain Capital, had his Twitter account hacked a few days prior to the SEC’s security breach, and the hackers used it to push a bogus airdrop link.
These kinds of breaches draw attention to a larger security issue in cryptocurrency, since they affect stakeholders and expose certain protocols to sophisticated social engineering attack vectors.
Crypto security may be a barrier to widespread adoption as we enter a bull market marked by a DeFi comeback and a surge of retail capital driven by institutional adoption.