In a recent security breach, the X (formerly Twitter) account of the decentralized finance (DeFi) protocol Compound Finance fell victim to a significant hack. Scam Sniffer and Officer’s Notes, two X accounts specializing in security matters, both reported that the compromised account was actively promoting a deceptive phishing site.
Compound Finance X account hacked
The Compound Finance breach unfolded around 4:57 pm UTC when the hacked X account posted an enticing advertisement claiming to offer “free $COMP tokens.” The post urged users to click on a provided link, which, unbeknownst to them, led to a fraudulent website designed to mimic Compound Finance’s official site. Promptly responding to the situation, Officer’s Notes, a cybersecurity blogger, issued a warning at 5:14 pm UTC, cautioning followers against clicking on any links in the compromised post.
Simultaneously, Scam Sniffer, a blockchain security platform, alerted its users about a phishing link (compound-labs[.]xyz) identified 16 hours prior, originating from the official X account. Scam Sniffer’s detailed post labeled the advertised site a “Pink Drainer scam website,” meaning a phishing site that uses the Pink Drainer software to exploit users and steal their cryptocurrency. Additionally, the post revealed that blockchain investigator ZachXBT had successfully traced the stolen funds, suggesting they were laundered through the eXch exchange.
Phishing scheme unveiled and tracing stolen funds
On the messaging platform Telegram, ZachXBT reported a potential loss of around 275,700 LINK tokens, equivalent to $4.4 million, resulting from a phishing incident occurring approximately 2.5 hours prior. ZachXBT pointed out that these funds appeared to have been laundered through eXch. While the connection between this attack and the Compound X hack wasn’t explicitly stated, there were implications of a substantial loss exceeding $4.4 million. To provide further insight, the post included links to two Ethereum transactions illustrating the movement of funds.
The first transaction displayed a transfer of over 206,000 LINK tokens, equivalent to $3.2 million at the current market price, from a Pink Drainer wallet to a known phishing scammer address. The second transaction showcased a transfer of approximately 69,000 LINK tokens, valued at $1 million, from an account ending in 8dd4cf to a Pink Drainer wallet address. Additionally, the post shared a Scam Sniffer alert related to the incident, underscoring the account ending in 8dd4cf as the victim of the attack.
Further examination of blockchain data revealed that the victim had signed an approval transaction, granting the attacker access to spend a considerable amount of LINK. This security breach not only raises concerns about the susceptibility of high-profile accounts linked to decentralized finance protocols but also underscores the potential financial implications, with millions in cryptocurrency at risk. The use of sophisticated phishing tactics, exemplified by the Pink Drainer scam, highlights the necessity for heightened vigilance within the cryptocurrency community. As investigations progress, the crypto community anticipates additional details regarding the full extent of the attack and any additional security measures implemented by Compound Finance.
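The approval transaction mentioned above is an ordinary ERC-20 allowance call, so a wallet or monitoring tool can decode it before it is signed. The following is an added example, not code from the article or from Compound Finance: it decodes allowance calldata and flags grants to a spender outside a trusted list. It covers `increaseAllowance` as well as `approve`, which goes beyond the single case the article describes; the addresses, amounts and the trusted-spender list are constructed placeholders.

```python
from dataclasses import dataclass

# Standard ERC-20 selectors: first 4 bytes of keccak256(signature), hex-encoded.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1


@dataclass
class ApprovalFinding:
    function: str
    spender: str
    amount_raw: int          # smallest token units
    unlimited: bool
    spender_trusted: bool

    @property
    def needs_review(self) -> bool:
        # An unknown spender or an unlimited allowance should stop the signer.
        return self.unlimited or not self.spender_trusted


def inspect_calldata(calldata_hex, trusted_spenders):
    """Return an ApprovalFinding if the calldata grants an allowance, else None."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    function = ALLOWANCE_SELECTORS.get(data[:8])
    if function is None:
        return None
    args = data[8:]
    # Two 32-byte ABI words; the address word must be left-padded with zeros.
    if len(args) != 128 or args[:24] != "0" * 24:
        raise ValueError("malformed allowance calldata")
    spender = "0x" + args[24:64]
    amount = int(args[64:], 16)
    trusted = spender in {s.lower() for s in trusted_spenders}
    return ApprovalFinding(function, spender, amount, amount == MAX_UINT256, trusted)


def encode_call(selector, spender, amount):
    """Build constructed sample calldata (test input only, not a real transaction)."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


# Constructed sample values: placeholder addresses, 18 token decimals assumed.
UNKNOWN_SPENDER = "0x" + "ab" * 20
KNOWN_ROUTER = "0x" + "cd" * 20
SAMPLE = encode_call("095ea7b3", UNKNOWN_SPENDER, 50_000 * 10**18)

if __name__ == "__main__":
    finding = inspect_calldata(SAMPLE, trusted_spenders=[KNOWN_ROUTER])
    print(finding, "-> needs review:", finding.needs_review)
```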