The X (previously Twitter) account of prominent blockchain security firm CertiK was hacked on January 5th. The compromised account, with a follower count of 342,900, was used to post carefully disguised phishing links that stole crypto from users’ wallets.
One of the links posted falsely asserted that a vulnerability had been identified in Uniswap’s router contract. The misleading tweet urged users to visit a fake RevokeCash page, claiming it would enable them to reverse any vulnerable approvals.
- The legitimate Revoke team has since confirmed that the message was false, that CertiK’s X account was compromised, and that it was sharing a link to a fake Revoke website. It further clarified that the claim of Uniswap being compromised, as propagated by the phishing attempt, was untrue.
- The CertiK team has issued a brief statement regarding the matter, indicating that they are actively investigating the compromise. They have also advised users to avoid engaging with any posts until the security of the account is confirmed.
- This isn’t the first time that one of CertiK’s social channels was hacked.
- In fact, its official website briefly included a Discord link in November that redirected users to a deceptive server containing malware. Despite this discovery, CertiK has not made any public statements about the incident.
- Phishing attacks have wreaked havoc in the digital assets space, with several wallets being drained after their owners clicked on similar fake links shared through dubious X accounts.
- Earlier this week, Bill Lou, the CEO and co-founder of Nest Wallet, revealed that he had suffered a phishing attack, resulting in the loss of 52 stETH, valued at $125,000.