According to an X post from CertiK on January 5, a phishing scammer impersonating a Forbes reporter temporarily accessed the X (previously Twitter) account of the blockchain security platform CertiK and used it to promote a malicious Web3 application.
One of our employees received communication from a verified account affiliated with a reputable media organization. This employee was, unfortunately, the target of a phishing attack after the compromise of this account.
According to the post, a verified account associated with a well-known media outlet contacted one of CertiK's employees. The post asserted that the compromise of that account led to the employee being phished and “related tweets” being published to the account.
At this time, the malicious messages have been removed. On January 5, the blockchain security platform Cyvers asserted in a post to X that it had observed the purged messages before their removal.
According to Cyvers, the messages claimed that Uniswap’s router had been compromised and instructed recipients to revoke all authorizations for Uniswap using Revoke.cash. The messages led to a rogue version of Revoke.cash that attempted to steal users’ cryptocurrency.
According to CertiK, after discovering the malicious messages, the team began a recovery procedure to revoke the attacker’s access to its X account within seven minutes of their publication.
The team removed the initial malicious post within fourteen minutes and neutralized the threat 37 minutes into the investigation.
CertiK asserted that the scam was part of “an ongoing, large-scale attack” comparable to the one X user NFT_Dreww.eth described in a December 21 post.
According to NFT_Dreww.eth's account of the phishing scheme, the attacker posed as a Forbes reporter and instructed victims to link their X accounts to the Calendly calendar app to arrange a meeting.
The links purported to lead to the official Calendly website. Instead, victims were taken to a fraudulent Calendly site with a misspelled URL. By “connecting” their X account to the fraudulent site, they unknowingly granted the attacker permission to publish content on X on their behalf.
In response to CertiK’s post, on-chain investigator ZachXBT attached what is purportedly a screenshot of the deceptive message that CertiK received. The message appears to originate from an imposter posing as Mark Beech, a former contributor to Forbes and Bloomberg who passed away in 2020.
ZachXBT asked in their post whether CertiK would reimburse victims exposed to phishing attempts because of the deceptive post on CertiK’s account. CertiK issued the following statement in response: “We urge all individuals impacted by the recent Twitter incident to contact us.”
Phishing attempts in the last fortnight have compromised several prominent crypto X accounts. On December 29, a breach occurred on the Compound Finance account. The proprietor of Polychain Capital was likewise affected on January 4.