Web3 security firm Twitter account hijacked to spread malware
Take action: Another reminder to activate MFA on your Twitter account and to be very suspicious of unexpected messages. For media outlets and journalists: even if you no longer use Twitter, activate MFA before leaving the account dormant; otherwise it will be abused by someone else.
Learn More
A Web3 security company fell victim to a social media phishing attack in which the attackers hijacked the company's account and shared a link to a harmful website.
This incident was initially reported by Certik on their Twitter account, "Certik Alert," where they warned their followers about a possible security breach of their main Twitter account and advised against interacting with any posts until the account's safety was confirmed.
Subsequently, Certik confirmed that their main Twitter account had been compromised and that a tweet containing a phishing link had been published. The malicious link remained active for 15 minutes, and it is unknown if any of Certik's 342,000 followers clicked on it.
The phishing message was designed to imitate Revoke, a crypto wallet management firm, luring users to a counterfeit website resembling Revoke's. This fake site reportedly contained cryptocurrency-draining malware, enabling unauthorized transfers of digital currencies from victims' accounts.
As a result of this incident, Revoke had to issue a warning about the scam. The phishing attack against Certik was executed using a legitimate but inactive Forbes journalist's Twitter account, which had been hijacked to target the security firm. Certik acknowledged in a tweet that a verified account of a renowned media outlet contacted one of their employees, leading to the phishing attack.
Certik responded swiftly to the breach, deleting the related tweets within minutes. This incident is believed to be part of a broader campaign employing similar methods to compromise other high-profile Twitter accounts; in the past weeks, at least the accounts of Mandiant and of Polychain's CEO were compromised.
The method typically involves a hijacked journalist account contacting a target organization and then sending a deceptive link under the pretext of scheduling a meeting; following the link compromises the victim's X credentials.