
Immutable AI Labs social media compromised, spreads phishing links

In this post:

  • Immutable AI Labs has been spotted spreading malicious links through its main X page and in replies.
  • Aerodrome was also threatened by a spoof Google sponsored link.
  • Phishing links and wallet drain attacks have increased across multiple chains as the value of tokens continues to grow.

Immutable AI Labs appears to have been compromised as it was spotted sharing a risky link for its IMMU token airdrop. Web3 security researchers found other instances of compromised social media profiles recently. 

Immutable AI Labs had its social media profile compromised, as discovered by Web3 Antivirus. The finding came after Immutable AI’s X account was seen spreading a fake link for users to check their eligibility ahead of its new IMMU token airdrop.

The risk is still present, as the Immutable AI X account is still not frozen or suspended. The malicious link was still active hours after the initial posting. The fake link uses a spoof ImmutableAI website, with only a slight difference to the real eligibility checker. The hijacked account has also been spreading the phishing link through replies.

Address checkers do not flag the spoof site as risky, and the Web3 Antivirus tool only flags the risk when trying to connect a wallet.

Fake address for Immutable AI Labs, offering a spoof link to connect a wallet.

Hijacked social media accounts are one of the main methods of distributing fake token addresses and phishing links. This time, the mixup also included a fully spoofed website. The Web3 Antivirus service marks the address as risky, containing a wallet drainer and a spoofed Ethereum address that looks legitimate. 

Immutable AI Labs hijackers advertising fake IMMU token

For Immutable AI Labs, the IMMU token is not mentioned anywhere else on social media, with no detailed conditions on the airdrop. Immutable AI has nothing to do with ImmutableX, which is a separate project that claims to secure AI training models on the blockchain. 


Social media attacks defrauded users of up to $3.5M in the past few months, according to blockchain tracking by ZachXBT. The accounts attacked were mostly crypto insiders, though they also included the social media handle of McDonald’s.

Stolen X accounts may be especially tricky, as there have been cases where the hacker regains control of the account even after recovery. Sometimes, a hacker may set up a passkey on a mobile app, which is usually sufficient to re-enter the account and send out messages.

The exploit hinged on the passkey creation, which is not immediately visible to the true account owner. For Web3 and other projects, account recoveries must take into account the potential for access through a passkey, which must be revoked.  

As tokens gain value and activity increases, phishing links now have more opportunities to hide in various forms. DeFi activity, token sales, NFT mints, or other Web3 activities are all viable options for creating wallet drainers, fake tokens, or Pump.fun rug pulls. 

Aerodrome DEX also impersonated through malicious Google ads

In cases where hackers cannot take control of a social media account, fake advertisements on Google searches are still a common tool for spreading spoofed links. One recent attack involved the DeFi Llama trading service.

The best approach to avoid these traps is to bookmark the legitimate links for most DEX and DeFi services instead of relying on a Google search every time. Some links may need to be double-checked or, as a last resort, tested with a wallet that does not contain significant reserves.
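As an added illustration (not part of the original article), the bookmark-and-double-check advice can be automated: compare a link's host against a list of bookmarked hosts and flag near-matches, the "slight difference" pattern described for the spoofed eligibility checker. The hosts below are constructed placeholders, and the function names and the distance threshold are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Constructed placeholder hosts standing in for a user's own bookmarks.
BOOKMARKS = ("app.dex.example", "checker.project.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, bookmarks=BOOKMARKS, max_distance: int = 2):
    """Return (verdict, bookmarked host it resembles or None) for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return ("rejected", None)
    if parts.username is not None:
        # "https://trusted.name@other.host/" shows a trusted name first.
        return ("lookalike", None)
    if host in bookmarks:
        return ("trusted", host)
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Non-ASCII or punycode labels can render like ASCII letters.
        return ("lookalike", None)
    for good in bookmarks:
        # Bookmarked name used as a subdomain prefix of another domain.
        if host.startswith(good + "."):
            return ("lookalike", good)
    dist, nearest = min((edit_distance(host, g), g) for g in bookmarks)
    if dist <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://app.dex.example/swap",
                 "https://app.dexx.example/swap",
                 "https://checker-project.example/eligibility",
                 "https://app.dex.example.airdrop.test/claim"):
        print(classify(link), link)
```

An "unknown" verdict only means the host resembles nothing in the list; it is not a statement that the site is safe.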

The popularity of the Base blockchain and its ability to reach valuable assets led hackers to post a fake ad for Aerodrome, one of its most active DEXs.


This time, the sponsored content was removed almost immediately. The attack against Base shows the chain has established itself as one of the main stores of value. Until recently, scam tracking services noted more than 95% of exploits targeted Ethereum. Base, as a Layer 2, still carries valuable assets, including USDC tokens. 

Solana wallet exploits are even riskier since the signed permission cannot be revoked. Once a drainer controls the wallet with a signed permission, that address is forever tainted and not safe to store any assets, even if the user controls their private keys. 

Scam links often drain small-scale wallets. However, some of the biggest exploits have reached more than $32M. Pink Drainer, the most common wallet draining tool, has so far accrued more than $8B in multi-chain assets, with 22,161 victims. Targeted wallet draining for large sums is usually the more efficient option, but general spoof links still attempt to drain the wallets of retail users.
