In October 2024, a sharp increase in phishing scams was observed, primarily targeting notable accounts on social media platforms. These attacks often result from social engineering tactics that trick account holders into authorizing malicious applications. The compromised accounts are then used to post deceptive messages, often involving fake airdrops or other phishing links, leading to significant financial losses for unsuspecting users.
Several high-profile X accounts were compromised this month, leading to significant security breaches:
EigenLayer: A decentralized staking platform that allows users to secure multiple blockchain applications with their staked assets. Its official account was recently compromised, with attackers promoting a fraudulent token distribution that resulted in $6 million in user losses. One individual reportedly lost $800,000 after interacting with a phishing link tied to this attack, as confirmed by a security firm.
Lagrange’s social media account was also taken over, with phishing links posted to mislead users into potential scams.
Zulu Network’s account was compromised, leading to the distribution of harmful phishing content aimed at deceiving followers.
Spot On Chain: Attackers posted a phishing link on Spot On Chain’s account, promoting a fake “EIGEN airdrop.” Comments on the post were disabled, preventing users from warning each other of the scam.
Symbiotic’s account suffered an unauthorized breach, with phishing links posted to deceive followers.
The homepage of LEGO’s official website was briefly hijacked to display a fraudulent “LEGO Coin” token offer. The scam was live for approximately 75 minutes before being removed.
Attackers accessed KOR Protocol’s account and used it to post phishing tweets, targeting the project’s followers with malicious content.
Ambient Finance: This decentralized finance platform experienced a domain hijacking attack. The compromised site led users to a fraudulent page, and users were advised to avoid engaging with the site until further notice.
MuratiAI, a platform for anime-focused AI networks and bots, was suspected to be hacked, with phishing links reportedly posted on its account.
The official account of Keystone, the hardware wallet provider, was suspected to be compromised, sharing malicious links that could mislead users.
Andy Ayrey, founder of the AI bot project Truth Terminal, recently announced a new token, $IB. His account is also suspected of being hacked, with security concerns surrounding this announcement.
Attack Methods Explained
Account Compromise
Account compromise occurs when an attacker gains unauthorized access to a user’s account, often by obtaining credentials through phishing or social engineering. Once access is gained, attackers may post deceptive content, such as fake giveaways or airdrop links, intended to trick followers into interacting with malicious links.
DNS Hijacking
DNS hijacking involves manipulating the Domain Name System (DNS) of a website, redirecting users to a malicious site. In the case of Ambient Finance, attackers took control of the domain, leading users to an altered website that posed a security threat.
Recommendations
Be Cautious with App Authorizations: Both users and social media managers should think twice before granting access to third-party apps. Each authorization can open doors for potential security risks.
Wallet Security Alerts: Wallet providers should add clear alerts about token approval requests. These warnings could help prevent accidental approvals that lead to unauthorized transactions.
Stay Vigilant on Social Media: Even verified accounts aren’t always safe. Users should be careful when engaging with posts, as attacks on high-profile accounts are becoming more common.
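One way a wallet could implement the token approval alert recommended above, as an added example that is not code from this article or from any wallet vendor. It uses the standard ERC-20/ERC-721 approval selectors; the severity levels, the known-spender allowlist and the sample address are assumptions made for illustration.

```javascript
// Added example: classify token-approval calldata before the user is asked to sign.
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "39509351": "increaseAllowance",  // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// knownSpenders is a hypothetical allowlist of lowercase contract addresses.
function classifyApproval(calldata, knownSpenders = new Set()) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return { kind: "invalid", severity: "block" };
  const method = SELECTORS[hex.slice(0, 8)];
  if (!method) return { kind: "not-an-approval", severity: "none" };
  // Two 32-byte ABI words must follow the 4-byte selector.
  if (hex.length < 8 + 128) return { kind: method, severity: "block", reason: "truncated calldata" };
  const word1 = hex.slice(8, 72), word2 = hex.slice(72, 136);
  // An address occupies the low 20 bytes; non-zero padding is malformed.
  if (!/^0{24}/.test(word1)) return { kind: method, severity: "block", reason: "malformed spender" };
  const spender = "0x" + word1.slice(24);
  const value = BigInt("0x" + word2);
  const known = knownSpenders.has(spender);
  if (method === "setApprovalForAll") {
    if (value === 0n) return { kind: method, spender, severity: "info", reason: "revokes operator" };
    return { kind: method, spender, severity: known ? "warn" : "high",
             reason: "operator can move every token in this collection" };
  }
  if (value === 0n && method === "approve")
    return { kind: method, spender, severity: "info", reason: "revokes allowance" };
  // Treat anything at or above 2^255 as effectively unlimited.
  const unlimited = value >= (1n << 255n);
  return { kind: method, spender, amount: value, unlimited,
           severity: unlimited ? (known ? "warn" : "high") : (known ? "info" : "warn"),
           reason: unlimited ? "unlimited allowance" : "bounded allowance" };
}

// Constructed sample: unlimited approve() to an address the wallet has never seen.
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SPENDER = "0x" + "ab".repeat(20);
const sample = "0x095ea7b3" + pad(SPENDER) + MAX_UINT256.toString(16);
console.log(classifyApproval(sample));
```

A wallet would run this on the transaction's data field before showing the signing prompt and require an explicit extra confirmation for "high" results.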
Phishing scams through compromised accounts are evolving, using the credibility of official channels to deceive users. This highlights the urgent need for stronger security measures across crypto and Web3 platforms.
While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at pr@nominis.io. Your feedback is appreciated!