Blockchain security firm CertiK confirmed that its official account on X (Twitter) had been compromised. In response, the company advised the crypto community to avoid any interaction with the account’s posts. According to the company, approximately $3 million worth of USDT was stolen from address 0xe7B0.

A phishing scammer posing as a Forbes reporter briefly gained access to blockchain security platform CertiK’s X (formerly Twitter) account and used it to post messages advertising a malicious Web3 app, according to a 5 January post from CertiK on X.

In response, the company advised the crypto community to avoid any interaction with the account’s posts, highlighting that they were in the middle of investigating the hack.

CertiK reported this event via X on January 5, in the following terms:

“A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. 

We quickly detected the breach and deleted the related tweets within minutes. Our investigation indicates this is a large-scale ongoing attack (…)”

In a January 5 post on X, blockchain security platform Cyvers claimed to have seen the messages before they were deleted. According to Cyvers, the messages claimed that the Uniswap router had been compromised and that users needed to revoke all approvals for Uniswap using Revoke.cash. The link in the messages led to a fake version of Revoke.cash that attempted to steal users’ cryptocurrency.

CertiK Hacked via X

Social media was filled with images showing that the attacker had shared a phishing link, accompanied by a false message about an alleged reentrancy exploit on the Uniswap Router.

Uniswap, the leading decentralized exchange platform on Ethereum with a total value locked close to $3.8 billion, was not affected by the news.

The post urged the community to revoke their approvals using a Revoke.cash link. However, observers immediately warned that this link was phishing bait designed to empty the wallets of unsuspecting people.

Regarding the situation, CertiK communicated the following:

“We are currently investigating a breach of our X @CertiK account.

Please do not interact with any posts until we have confirmed that the account is secure.”

The malicious messages were discovered within seven minutes of being posted, CertiK said, and the team immediately began a recovery process to remove the attacker’s access to their X account. Within 14 minutes, the team managed to delete the first of the malicious messages. After 37 minutes, the team’s investigation was concluded and the danger was neutralized. CertiK claimed that the scam was part of “a large-scale ongoing attack” similar to the one described by X user NFT_Dreww.eth in a December 21 post.

Blockchain researcher ZachXBT asked CertiK if it would refund victims who may have been phished as a result of the malicious post to CertiK’s account. In response, CertiK stated “We encourage those affected during the recent incident on Twitter to contact us.”

CertiK Updates the Community after the Hack of its Account

The CertiK-affiliated security alert account issued a warning to users, urging them to avoid any interaction with the main account’s posts until their safety was confirmed, highlighting that they were investigating the incident.

This event highlights the sophistication of recent hacks in the crypto community, underscoring the importance of security and constant surveillance in the blockchain ecosystem.

By Leonardo Perez
