Hackers are once again taking advantage of social networks to do their thing. This time, they compromised the official Twitter account of a popular crypto exchange to promote a phishing scam.
Around midnight on October 21, PeckShieldAlert reported that the official Twitter account of Gate.io was hacked to promote a scam simulating a Giveaway of up to 500,000 USDT in rewards.
The tweet posted by the hackers offered a prize of 500 USDT to the first 1,000 winners who claimed the reward by connecting their wallet to a fake phishing page, pretending to be the platform’s official site.
Thanks to the warnings from Peckshield and the community, Gate.io regained control of its account and removed the malicious advertisement. The number of victims who were defrauded, however, is unknown.
#PeckShieldAlert #Phishing Seems like crypto-exchange Gate[.]io’s verified Twitter account @gate_io was compromised & has been used to share links to fraudulent $USDT GIVEAWAY.
gąte[.]com is the phishing site.
Thanks @aayushrai11 and @grpolice for the intel pic.twitter.com/cpZ6CgAADm
— PeckShieldAlert (@PeckShieldAlert) October 22, 2022
The Rise of Phishing Attacks and Crypto Scams
Phishing scams promoting cryptocurrency giveaways claimed multiple victims in 2020, when the accounts of several celebrities such as Bill Gates, Jeff Bezos, Elon Musk, Kanye West, Barack Obama, and Joe Biden were hacked, raising doubts about Twitter’s security policies and its ability to detect hackers. A young man who used the breach to get some free crypto was responsible for the controversial hack.
Celebrities in the crypto world have been no strangers to scam attacks either. From Ethereum creator Vitalik Buterin Cardano founder Charles Hoskinson to Ripple CEO Brad Garlinghouse, many big names have been used as bait for elaborated (and simple) crypto scams. Recently, Ripple’s CEO complained that Twitter’s AI still couldn’t differentiate between real accounts and the scam accounts that have been increasing exponentially on the platform.
I can’t believe I’m still doing this – @TwitterSupport, it’s embarrassing when you can’t distinguish a real profile from a fake one. Verified scam accounts are now replying to tons of crypto tweets with my image, @VitalikButerin’s or @CZ_Binance’s. (watch it happen to this tweet) pic.twitter.com/wx9LzR75YR
— Brad Garlinghouse (@bgarlinghouse) October 3, 2022
According to the latest Interpol report on the matter, the vast majority of the 195 countries that are part of the organization expect this type of activity to increase further in the coming years, which is why they have created a special unit to combat this type of cybercrime internationally.
Another Hack During The Week: Olympus DAO
Phishing scams have increased but so have white hat hackers, who, over the past few months, have taken it upon themselves to report flaws in smart contract projects to collect the rewards offered.
For example, yesterday, a hacker stole nearly $300k in OHM tokens from OlympusDAO but decided to return them a couple of hours later.
It seems the related @OlympusDAO‘s BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in ~$292K loss. https://t.co/dkhC5Ex9sz https://t.co/ikidpLyBga pic.twitter.com/wu5tUrepS6
— PeckShield Inc. (@peckshield) October 21, 2022
The hacker could have obtained up to a maximum of 3.3 million dollars if he had reported the code flaw. Since January 2022, the DAO has offered that amount as a reward to those who detect errors that can cause millionaire losses of funds.