“Rising Threat: Account Hijacking and Cryptocurrency Scams Surge on X Platform”
Date: [25/01/2024]
X, formerly known as Twitter, is grappling with a surge in account hijacking incidents and cryptocurrency scams, raising concerns about account security on the platform. Several high-profile organizations, including CertiK, Mandiant, Netgear, Hyundai, and even the U.S. Securities and Exchange Commission (SEC), have had their accounts taken over by threat actors who exploited weak account security (phishing, password guessing and phone-number takeover) rather than a flaw in X itself.
The recent wave of scams takes a different form than the notorious 2020 breach, in which attackers posed as IT staff and social-engineered Twitter employees into giving them access to internal tools. This time, threat actors are taking over individual verified accounts and using them to run cryptocurrency scams. Posting from verified handles such as “@Mandiant,” the hijackers impersonate legitimate entities such as cryptocurrency wallet providers and promote fake token giveaways.
Today Mandiant had their Twitter account stolen.
2024 starting strong pic.twitter.com/gHagm2o36q
— vx-underground (@vxunderground) January 3, 2024
CertiK, a prominent Web3 security vendor, revealed that its X account was hijacked through a phishing attack launched from a compromised journalist’s account. The attackers sent a CertiK employee a link to a fake Calendly scheduling page and used it to phish the credentials that gave them access to the X account. CertiK managed to recover its account promptly.
The recent victims also include Netgear and Hyundai’s Middle East and Africa (MEA) branch. In both cases, the attackers used the compromised accounts to post phishing links, luring followers to malicious URLs that could drain their cryptocurrency wallets.
Mandiant, which regained control of its account after the hijacking, reported that the password was likely compromised by a brute-force attack, highlighting the need for robust account protections, including two-factor authentication (2FA). Meanwhile, the SEC faced a brief compromise of its X account, during which attackers posted false information about the approval of spot bitcoin exchange-traded funds. The SEC later clarified that the compromise resulted from an individual gaining control over a phone number associated with the @SECGov account. The two cases illustrate complementary failure modes: a password alone falls to guessing, while SMS codes and phone-number-based account recovery are only as strong as the carrier’s defences against SIM swapping. An authenticator app or a hardware security key bound to the account does not depend on the phone number and is the stronger second factor for high-profile accounts.