“Rising Threat: Account Hijacking and Cryptocurrency Scams Surge on X Platform”
Date: [25/01/2024]
X, formerly known as Twitter, is grappling with a surge in account hijacking incidents and cryptocurrency scams, raising concerns about the security of the platform. Several high-profile companies, including CertiK, Mandiant, Netgear, Hyundai, and even the U.S. Securities and Exchange Commission (SEC), have fallen victim to threat actors exploiting vulnerabilities on X.
The recent wave of scams takes a different form than the notorious 2020 breach, where hackers posed as IT staff and orchestrated a social engineering attack. This time, threat actors are hijacking verified accounts and leveraging them to conduct cryptocurrency scams. The hijackers, using verified handles such as “@Mandiant,” pose as legitimate entities like cryptocurrency wallet providers and promote fake currency giveaways.
Today Mandiant had their Twitter account stolen.
2024 starting strong pic.twitter.com/gHagm2o36q
— vx-underground (@vxunderground) January 3, 2024
CertiK, a prominent Web3 security vendor, revealed that its X account was hijacked through a sophisticated phishing attack originating from a compromised journalist’s account. The attackers utilized a fake link for a scheduling app, Calendly, to phish CertiK’s employee and gain unauthorized access to the X account. Fortunately, CertiK managed to recover its account promptly.
The recent victims also include Netgear and Hyundai’s Middle East and Africa (MEA) branch. In both cases, the attackers exploited the compromised accounts to send phishing links, luring victims to click on malicious URLs that could lead to cryptocurrency wallet breaches.
Mandiant, which regained control of its account after the hijacking, reported that a brute force attack compromised the password, highlighting the need for robust security measures, including two-factor authentication (2FA). Meanwhile, the SEC faced a brief compromise of its X account, where attackers posted false information about the approval of spot bitcoin exchange-traded funds. The SEC later clarified that the compromise resulted from an individual gaining control over a phone number associated with the @SECGov account.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
While X has been a hotbed for cryptocurrency scams, the platform has also witnessed questionable advertisements for “X Token” and “X Coin” cryptocurrencies. Some malicious ads even exploited the likeness of X owner Elon Musk.
Christopher Budd, Director of Threat Intelligence at Sophos, noted that X’s reported staff reduction of nearly 80% in the past 12 months might be impacting the platform’s stability and security. He emphasized the importance of reassessing risks associated with the platform, urging users and businesses to conduct fresh risk assessments and take appropriate actions.
As X grapples with the evolving threat landscape, users and organizations must remain vigilant, adopt stringent security practices, and reassess their reliance on the platform to safeguard against emerging risks.