
Media impersonator penetrates CertiK’s X account with well-worn phishing scam

CertiK's co-founder Ronghui Gu. Credit: Andrés Tapia
  • The blockchain security outfit confirmed its X account was compromised.
  • 'We quickly detected the breach,' a CertiK representative told DL News.
  • An unknown player pretended to be a media member to trick a CertiK employee.

Blockchain security firm CertiK’s account on X was compromised on Friday following an employee’s interaction with a scammer posing as a representative from a media organisation.

“A verified account, associated with well-known media, just contacted one of our employees,” a CertiK spokesperson told DL News.

“Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee.”

“We quickly detected the breach and deleted the related tweets within minutes. At this time, investigation indicates that there is no significant loss due to this incident.”


Not a stamp of approval

The breach is a potentially embarrassing development for a firm predicated on protecting crypto projects from bad actors. CertiK, a five-year-old firm based in New York, offers smart contract audit services.

It’s one of the most well-known audit firms in crypto and often attracts criticism when its clients fall victim to exploits.

“An audit is not a stamp of approval or a ‘pass’ or fail, it’s an objective review of a project’s code,” CertiK’s Brooks told DL News in April, after the developers of an obscure protocol called Merlin, its client, made off with $1.8 million.

“We always encourage users to read and understand audit reports before getting involved with a project.”


The breached CertiK account on X, formerly Twitter, disseminated a message to the security firm’s 343,000 followers. It falsely claimed a vulnerability in the decentralised exchange Uniswap’s router contract.

The tweet deceitfully directed users to a bogus Revoke.cash site. Revoke.cash is a popular crypto service enabling users to control and withdraw permissions granted to various smart contracts.

Fake media

The fake media representative tweeted through CertiK’s account that Uniswap users can use Revoke to secure their wallets. The idea was to drain users’ wallets under the guise of revoking at-risk approvals.

Responding to CertiK’s bogus tweet, the Revoke.cash team warned users about the phishing attempt.

“It appears @CertiK’s X account has been hacked, spreading a link to a counterfeit Revoke website. Uniswap has NOT been compromised,” the firm said.

Scammers impersonating journalists or media executives to carry out phishing attacks is a growing trend in crypto.

They create fake profiles, which are often verified with a blue tick. They reach out to targets, which can range from individuals to corporate employees, under the guise of being journalists seeking information or interviews.

Potential harm

Unwary recipients, believing they are interacting with genuine media figures, may be more likely to download attachments or click on links, which could potentially be harmful.

The effectiveness of this method lies in its exploitation of trust in the media. Journalists often require quick communication, which lends an air of authenticity to these fraudulent approaches.

When a victim clicks on a malicious link or downloads a contaminated file, the scammer can gain access to their device, leading to data theft, ransomware attacks, or unauthorised access.

But journalists will never ask potential sources to download files or even sign consent forms — two tactics commonly associated with these types of scams.

Ekin Genç is DL News’ managing editor. Have a tip? Contact the author at ekin@dlnews.com.
