The rise of social media has revolutionized communication and business, but it has also attracted hackers and scammers, especially with the integration of social cryptocurrencies. No platform, from Twitter to Discord, has been safe from cybercriminals exploiting user vulnerabilities. Recent years have seen a surge in crypto-related social media hacks, including phishing attacks, fake giveaways, impersonation scams, and malware. These often use social engineering to deceive users into revealing sensitive information or sending money to criminals, resulting in financial loss, identity theft, and reputational damage.
This text explores recent crypto-related social media hacks, exposes cybercriminal tactics, and offers tips to protect yourself from such scams.
Current situation: case studies
Several high-profile social media accounts have been hacked in the first few weeks of 2024.
U.S. Securities and Exchange Commission (SEC)
At the beginning of January 2024, the SEC's X (formerly Twitter) account was compromised in a well-organized attack. Just before the official ruling on a Bitcoin ETF, hackers gained unauthorized access to the SEC's social media account and posted a fake announcement that the ETF had been approved. This false news spread quickly and caused significant market volatility, leading to millions worth of cryptocurrencies being traded based on the fake news. It later became known that the attack was possible because the SEC had failed to enable multi-factor authentication (MFA) on its account.
Mandiant
Mandiant, a cybersecurity firm acquired by Google in 2022, also fell victim to a social media hack in January 2024. The company's X account, which did not have MFA enabled, was breached through a brute-force password-guessing attack. Once inside, the hackers shared a link to a scam page that seemed legitimate but was designed to steal cryptocurrency. As a result, thousands of dollars in cryptocurrency on the Solana blockchain were stolen.
CoinGecko
The crypto platform CoinGecko experienced a sophisticated breach of its X account in January 2024. Despite having MFA enabled, the account was compromised when an employee inadvertently clicked on a fraudulent Calendly link, which was part of a targeted phishing attack. The attacker then used the compromised account to post a fraudulent token airdrop, misleading many users into thinking they could receive free tokens. As a result, many users provided their private key information and ultimately lost access to their crypto wallets. This shows how sophisticated social engineering can bypass technical safeguards like MFA by taking advantage of human vulnerabilities. It also emphasizes the importance of training employees to recognize and avoid phishing attempts.
CertiK
CertiK, a blockchain security firm known for auditing smart contracts, experienced a noteworthy breach in January 2024. The attackers compromised CertiK's X account and posted a link to a fake Revoke website. This counterfeit site was designed to look like a legitimate tool for revoking permissions granted to dApps but was actually used to drain value from victims' crypto wallets. The attack, which involved sophisticated social engineering, exposed vulnerabilities even in companies dedicated to blockchain security.
Common tactics used by scammers
Scammers use a wide range of tactics to trick users and gain access to their cryptocurrency. Understanding these tactics is essential for protecting yourself and your assets. Here are some of the most common methods used by cybercriminals in the crypto space.
Phishing attacks
Phishing is one of the most prevalent tactics used by scammers. It involves sending fraudulent messages, often via email or social media, that appear to come from a trusted source. The goal is to make the recipient provide sensitive information, such as private keys, passwords, or two-factor authentication codes.
- How It Works: Scammers create a fake website or message that mimics a legitimate one. Users are lured into entering their login details or other sensitive information, which the scammers then use to gain access to their accounts.
- Real-World Example: On May 5, 2024, the Discord server of Gnus.AI was targeted in a sophisticated phishing attack. Hackers gained access to the server's administrative credentials and used them to distribute malicious links that mimicked legitimate cryptocurrency token minting sites. This exploit resulted in the theft of approximately $1.27 million. The attackers exploited Ethereum’s smart contract functionalities to create fake tokens, which were then sold to unsuspecting users.
Social engineering
Social engineering involves manipulating individuals into performing actions or divulging confidential information. Scammers often exploit human psychology, using feelings such as trust or fear.
- How It Works: Attackers pretend to be technical support, colleagues, or other trusted figures to gain the confidence of their target. Once trust is established, they request sensitive information or make the victim perform actions that compromise security.
- Real-World Example: The hack of Polychain Capital’s CEO’s X account involved social engineering tactics. The attackers tricked the CEO into divulging information that allowed them to access the account and post fraudulent announcements about fake airdrops, leading to users losing their funds.
Fake giveaways and airdrops
Scammers often take advantage of the excitement around giveaways and airdrops. They promise free tokens or coins in exchange for small payments or personal information, but the giveaways are never real.
- How It Works: Scammers create fake social media accounts or websites that pretend to offer free tokens. To receive the giveaway, users are asked to verify their wallets by sending a small amount of crypto or providing their private keys. Once the scammers get the desired data, they disappear, leaving users with nothing.
- Real-World Example: During the 2020 Twitter Bitcoin scam, hackers used high-profile compromised accounts to promote a fake Bitcoin giveaway, succeeding in stealing over $100,000. Similarly, the CertiK hack involved a fake Revoke website, tricking users into revealing their wallet details.
Malware distribution
Malware, or malicious software, is another common tactic used by scammers to steal tokens. Malware can be disguised as legitimate software, apps, or links and is designed to harvest sensitive information or gain unauthorized access to a user’s device.
- How It Works: Once installed, malware can record keystrokes, take screenshots, or even give remote access to the attacker. It often targets wallet applications or platforms where cryptocurrency transactions take place.
- Real-World Example: The Mandiant hack involved sharing a link to a scam page that likely distributed malware. Visiting the page made users unintentionally download malicious software that revealed sensitive information about their crypto wallets on the Solana blockchain.
How to protect yourself
Protecting yourself from crypto-related social media hacks requires a combination of awareness and best practices. Here are key strategies to safeguard your assets:
- Enable multi-factor authentication (MFA) on all your accounts. MFA adds an extra layer of security by requiring not just a password but also a second form of verification, such as a code from an authentication app. This significantly reduces the risk of unauthorized access even if your password is compromised.
- Be wary of unsolicited messages, emails, or social media posts asking for sensitive information. Always double-check URLs and verify the legitimacy of any requests for personal information. Avoid clicking on links or downloading attachments from unknown or suspicious sources.
- Regularly update your devices and software. Outdated software can have vulnerabilities that hackers exploit. Enable automatic updates on your operating systems, browsers, and cryptocurrency wallet apps. Additionally, use reputable antivirus and anti-malware programs to protect your devices from malicious software.
- Use strong, unique passwords for each of your accounts. A password manager can help generate and store complex passwords, making it easier to maintain strong security across multiple platforms.
- Learn about common social engineering techniques, such as impersonation and pretexting, and always verify the identity of anyone requesting sensitive information.
- Secure your private keys. Store them offline in a hardware wallet or a secure physical location, and never share them with anyone. Be cautious of entering private keys into online platforms, as this can expose you to theft.
- Monitor your account activity regularly to detect and respond to suspicious behavior quickly. Set up alerts for login attempts and transactions, and review your account activity frequently. Report any unusual actions immediately to mitigate potential damage.
- Avoid conducting sensitive transactions over public Wi-Fi, which can be insecure and prone to interception by malicious actors. If you must use public Wi-Fi, ensure you have a reliable virtual private network (VPN) to encrypt your data. Ideally, perform transactions over secure, private networks.
- Verify the authenticity of communications, especially those related to financial transactions or security updates. If you receive a suspicious message, reach out to the entity directly using verified contact information. Do not use the contact details in the message itself, as doing so can lead to data loss.
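The advice above to double-check URLs can be partly automated. The following is an added example, not part of the original article: a small link checker that compares a link's real host against a personal allowlist and flags the usual disguises. The allowlist contents, the function names and every sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the real services imitated in the cases described above.
TRUSTED = {"calendly.com", "revoke.cash"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> str:
    """Return 'trusted', 'unknown', or 'suspicious: <reason>' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    if parts.scheme != "https" or not host:
        return "suspicious: not an https link"
    if parts.username is not None:
        return "suspicious: text before '@' is not the real host"
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized host, possible homoglyphs"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Rough registrable name: second-to-last label (no public suffix list here).
    name = labels[-2] if len(labels) >= 2 else host
    for brand in (d.split(".")[0] for d in TRUSTED):
        if brand in host:
            return f"suspicious: '{brand}' used under a different domain"
        if edit_distance(name, brand) <= 1:
            return f"suspicious: '{name}' is one character from '{brand}'"
    return "unknown"  # not on the allowlist: verify through another channel

# Constructed sample links (not taken from any real incident).
SAMPLES = [
    "https://calendly.com/team/intro",
    "https://calendly.com.meeting-invite.example/join",
    "https://calendly.com@meeting-invite.example/join",
    "https://rev0ke.example/claim",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link} -> {check_link(link)}")
```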
Conclusion
The rise in crypto-related social media hacks underscores the need for strong security practices and vigilance. Regularly update your security settings and be wary of unsolicited communications to protect your assets and boost confidence in online interactions. In the unpredictable realm of social media, proactive security is your best defense. Prioritize the protection of your digital wealth to stay safe and secure.