Hackers Drain $400K+ in MicroStrategy X Phishing Attack


On Monday morning, the official X account of business intelligence company MicroStrategy fell prey to an elaborate phishing scam resulting in significant crypto losses. The attackers compromised the account to promote fake Ethereum token airdrops, deceiving followers into relinquishing control of their digital assets.


TLDR

  • MicroStrategy’s X account was breached, with hackers posting a fake Ethereum token airdrop scam
  • The phishing links claimed to offer an “MSTR” token, tricking users into connecting their wallets and draining $440K+ so far
  • Attack exploits MicroStrategy’s reputation to manipulate trust, part of a growing trend of social media crypto scams
  • Compromised accounts of trusted entities like SEC and Vitalik Buterin also recently used to steal from followers
  • MicroStrategy silent so far on the hack, raising concerns over their response and ability to contain the breach

Posting through MicroStrategy’s account, the hackers advertised an airdrop for a non-existent token dubbed “MSTR” and encouraged users to click fraudulent links claiming to offer free allocations. However, these links redirected to a lookalike webpage instructing victims to connect their Web3 wallets, granting permissions for the threat actors to drain funds upon access.

According to on-chain investigator ZachXBT, over $440,000 worth of crypto has already been stolen through this scam just hours after the initial posts. One disastrous transfer saw a single wallet lose more than $420,000 across various Ethereum and Polygon-based tokens. The loot has since been routed through mixer wallets to obscure the money trail.

0xe7645b8672b28a17dd0d650a5bf89539c9aa28da

~$440K stolen from the compromise so far

— ZachXBT (@zachxbt) February 26, 2024

The attack represents yet another example of hackers preying on the trusting relationships between established crypto players and their network of followers on social media platforms. By hijacking accounts of reputable entities, scammers can exploit blind spots in security consciousness to distribute convincing phishing links.

Earlier in 2023, Ethereum inventor Vitalik Buterin’s X account was also breached by fraudsters promoting fake ConsenSys deals, scamming almost $700,000 in the process. Similarly, threat actors compromised the X profiles of the SEC, a top governmental regulator, as well as data provider CoinGecko this January, spreading misinformation and phishing scams.

The growing prevalence of such incidents continues to endanger the crypto community, especially newer adopters less attuned to sophisticated social engineering tactics. Experts strongly advise practicing skepticism when engaging with online crypto promotions, no matter the source, and taking steps to independently verify legitimacy before inputting any wallet credentials.

MicroStrategy is a major publicly traded company focused on Bitcoin and crypto investments, helmed by vocal BTC proponent Michael Saylor. As such, the firm enjoys significant brand recognition and trust in the digital asset sphere. This high-profile status renders them an ideal target for bad actors to leverage via account takeovers.

However, MicroStrategy has yet to release any official statement addressing Monday’s security breach or its aftermath. Their continued silence on the matter may signal internal upheaval and an inability to contain damages from the scam.

The recent spate of social media crypto scams highlights the pressing need for heightened cybersecurity measures, transparent discourse, and increased user awareness to thwart ever more cunning attack vectors exploiting trust and reputation.

The post Hackers Drain $400K+ in MicroStrategy X Phishing Attack appeared first on Blockonomi.
