CertiK [1] [2] [3] [4] [5] [6] [7] [8], a Web3 security vendor specializing in blockchain-focused cybersecurity, recently experienced a security breach that compromised their official Twitter account and Discord site. This breach highlights the vulnerability of the crypto industry to hackers and serves as a reminder for users to adopt best security practices.
Description
Hackers gained unauthorized access to CertiK’s official Twitter account and Discord site, resulting in a security breach. They exploited this access by posting tweets about a fake vulnerability in the smart contract code for Uniswap V3 and directing users to a fraudulent website impersonating Revokecash [5]. Screenshots of the attack revealed that the hackers used another hacked account associated with a well-known media outlet to send a phishing message. Additionally, they utilized the hacked account of a journalist with over 1 million followers to redirect CertiK’s 343,000 followers to a malicious website promoting a cryptocurrency wallet drainer. CertiK regained control of their compromised accounts within seven minutes and promptly removed the phishing posts. The motive behind the hack remains unclear [5], but it appears that the hackers aimed to exploit CertiK’s reputation to legitimize their phishing scams [5].
Conclusion
This security breach serves as a stark reminder that even reputable firms like CertiK can be compromised. It underscores the importance for crypto users to adopt the best security practices to protect themselves from such attacks. The incident also highlights the ongoing threat of social engineering through platforms like Calendly. Moving forward, it is crucial for the crypto industry to remain vigilant and implement robust security measures to mitigate the risk of financial losses caused by hackers.
References
[1] https://cryptopotato.com/uniswap-scare-certiks-hacked-account-spreads-false-vulnerability-claim/
[2] https://www.cointrust.com/market-news/cybersecurity-firm-certik-faces-phishing-attack-via-compromised-media-account
[3] https://thecryptobasic.com/2024/01/05/blockchain-security-firm-certik-suffers-hack-in-ironic-breach/
[4] https://cyber.vumetric.com/security-news/2024/01/05/web3-security-firm-certik-s-x-account-hacked-to-push-crypto-drainer/
[5] https://www.tradingview.com/news/cryptobriefing:61bec23da094b:0-certik-s-x-account-gets-hacked-sends-out-fake-vulnerability-warning-about-uniswap/
[6] https://www.dlnews.com/articles/people-culture/media-impersonator-certik-twitter-account-phishing-scam/
[7] https://www.infosecurity-magazine.com/news/certiks-account-hijacked-crypto/
[8] https://cryptonews.com/news/official-x-account-of-blockchain-security-firm-certik-compromised-whats-going-on.htm
