Jan 06, 2024 Alexander Chelpanov
How Did the CertiK X(Twitter) Hack Happen?
CertiK, a prominent blockchain security firm, experienced a breach of its X(Twitter) account on January 5, 2023. This attack led to the posting of a phishing link, potentially endangering the digital assets of the project's followers.
How Was CertiK's Twitter Account Compromised?
The incident began when a CertiK employee was contacted by a Twitter account that appeared to be associated with a well-known media entity. This account, which was later found to be compromised, engaged the employee in a manner that led to a successful phishing attack, granting the attackers unauthorized access to CertiK's Twitter account.
Once they had access, the attackers used CertiK’s Twitter account to post misleading information. The posts falsely claimed that Uniswap’s router had been compromised and urged users to revoke approvals using a link provided in the tweets. This link directed users to a fake version of the Revoke.cash app, endangering their digital assets.
What Was CertiK's Response to the Twitter Hack?
CertiK’s response to the breach was prompt and systematic as reported by the company itself. The team detected the breach at 08:55 am UTC, just minutes after the account was compromised at 08:48 am UTC. They initiated a recovery process, leading to the deletion of the first phishing tweet by 09:02 am UTC. By 09:25 am UTC, the situation was under control, and the threat was deemed neutralized.
A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee.
— CertiK (@CertiK) January 5, 2024
We quickly detected the breach and deleted the related tweets within minutes. Our… pic.twitter.com/aO7GQjXEz2
Were There Any Similar Incidents Reported and What Were the Community's Reactions?
This attack on CertiK's Twitter account mirrors a larger pattern of phishing scams targeting the crypto community. Similar tactics were used in previous scams, including one where attackers posed as Forbes reporters to gain access to and exploit Twitter accounts.
The reaction from the crypto community was swift, with on-chain sleuths like ZachXBT getting involved. They raised concerns about the broader implications of such attacks and the potential need for victim reimbursement.
Here is the leaked DM Certik got phished by.
— ZachXBT (@zachxbt) January 5, 2024
Why did you not find the “well-known media” account which contacted you suspicious since they had not posted since April 2020 (clearly compromised)?
Will Certik be reimbursing victims? pic.twitter.com/ys1HcQgPCT
What Can Be Learned from the CertiK Twitter Hack?
The CertiK Twitter hack highlights the persistent threat of phishing scams in the cryptocurrency sector. It underscores the importance of ongoing vigilance, robust security practices, and the need for rapid response mechanisms to mitigate the impact of such breaches. This incident serves as a reminder for individuals and organizations alike to remain alert and cautious, particularly when dealing with digital assets in the volatile and often targeted realm of cryptocurrency.
