CertiK briefly loses its account to a Forbes impersonator


  • Blockchain security firm CertiK has announced a recent breach of its X account by an impostor posing as a Forbes reporter.
  • Navigating the ongoing crypto phishing wave.

Blockchain security platform CertiK recently experienced a phishing attack when an imposter, posing as a Forbes reporter, gained unauthorized access to their X (formerly Twitter) account. This incident highlights the ongoing threat of phishing scams targeting high-profile accounts in the cryptocurrency space.

CertiK details the phishing attack

According to CertiK’s post on X, the phishing attempt began when a verified account, seemingly affiliated with a reputable media outlet, contacted one of CertiK’s employees. Unfortunately, this account had been compromised, leading to the employee falling victim to a phishing scam. As a result, misleading tweets promoting a deceptive Web3 app were posted from CertiK’s official account. The fraudulent messages, which claimed that Uniswap’s router had been compromised, were swiftly detected and deleted by CertiK’s security team.

However, Cyvers, another blockchain security platform, reported having observed the malicious messages before their removal. The tweets urged users to revoke approvals for Uniswap using Revoke.cash, but the provided link led to a fake version of the site designed to steal users’ cryptocurrency. CertiK acted promptly, detecting the malicious messages within seven minutes and initiating a recovery process to revoke the attacker’s access to their X account. The team successfully removed the first of the malicious posts within 14 minutes, concluding their investigation and neutralizing the threat after 37 minutes.

Navigating the ongoing crypto phishing wave

This phishing incident is part of a larger-scale, ongoing attack, as indicated by CertiK. A similar scheme was described by an X user, NFT_Dreww.eth, in a post on December 21. In that case, the attacker, posing as a Forbes reporter, persuaded victims to link their X accounts to the Calendly calendar app for a supposed meeting. However, the provided links directed users to a counterfeit Calendly site with a misspelled URL. By connecting their X accounts to the fake site, victims unwittingly granted permission for the attacker to post on X on their behalf.

In response to concerns raised by on-chain investigator ZachXBT, who shared an alleged screenshot of the phishing message used against CertiK, the blockchain security platform encouraged those affected during the Twitter incident to reach out to them. The post did not explicitly address the question of whether reimbursement would be offered to victims who may have suffered losses due to the malicious post. Phishing attacks targeting high-profile cryptocurrency X accounts have become increasingly prevalent in recent weeks.

Notably, Compound Finance’s account fell victim to a phishing attack on December 29, followed by an attack on the founder of Polychain Capital’s account on January 4. These incidents underscore the persistent threat of phishing in the crypto space, emphasizing the need for heightened awareness and security measures within the community. As the crypto community grapples with evolving threats, users and organizations must remain vigilant against phishing attempts. Robust security practices, including two-factor authentication and scrutiny of incoming communications, are crucial in preventing unauthorized access and potential financial losses.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Owotunse Adebayo

Adebayo loves to keep tab of exciting projects in the blockchain space. He is a seasoned writer who has written tons of articles about cryptocurrencies and blockchain.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan