Crypto scammers promote phishing scam on Decentraland’s X account

2 months ago 20
Hacker in action.

Crypto scammers hacked Decentraland’s X account to promote a phishing scam targeting the project’s over 600,000 followers.

Hackers hijacked Decentraland’s X account early on Sept. 19, posting misleading information about an airdrop for the platform’s native token, MANA.

The posts included phishing links for a malicious website that was branded to look like a legitimate Decentraland backed airdrop.

According to a report by PeckShield, the first malicious post appeared at 01:50 am UTC, directing users to a website that falsely claimed to be part of Decentraland’s token distribution. 

Clicking the link redirects users to a website controlled by the attacker where they are asked to connect their wallets.

This is where the attack transpires as connecting a wallet exposes users to a malicious transaction, which when signed transfers control of a victim’s assets to the attacker.

To make the scheme look legitimate, the attackers also disabled comments on the fake posts, stating that it was to “prevent malicious links.” 

Though the initial posts were removed, subsequent phishing attempts soon followed, promoting the same scheme but on a different website.

At the time of writing, two of the scammer’s posts are still live, and Decentraland has yet to regain full control of its account.

Scam post on Decentraland’s official X account. Source: X

PeckShield has advised users to avoid interacting with the Decentraland X account until the issue is resolved. The number of affected users remains unknown.

The crypto sector is facing a wave of attacks

Phishing scams in the cryptocurrency sector have been on the rise, and this latest incident highlights the growing threat. 

Earlier this year, the Ethereum Foundation fell victim to a similar attack and scammers managed to send phishing emails to nearly 36,000 addresses under the guise of a staking scheme. 

Other prominent crypto projects have also fallen victim to such scams, including users of The Open Network (TON).

SlowMist founder Yu Xian had warned that the large-scale attacks were fuelled via Telegram groups where clicking the phishing links or interacting with malicious Telegram bots resulted in funds being siphoned off TON wallets.

Meanwhile, in July, crypto scammers hijacked the website of decentralised lending platform Compound Finance and redirected users to a malicious clone that ran a phishing scheme.

A report from blockchain security firm Scam Sniffer has reported that phishing scams in August alone led to the theft of $63 million from 9,145 victims, marking a 215% increase from July.

Aside from phishing, another security issue affecting the cryptocurrency industry involves the hacking of social media accounts, particularly on X. Such attacks have become a growing problem, with scammers using compromised accounts to promote fraudulent schemes.

Last month, Real Madrid footballer Kylian Mbappé’s X account was hacked, leading to the promotion of a scam token. The attackers posted derogatory comments and promoted a token launched on a Solana-based token deployer, targeting both Mbappé’s followers and other users.

In June, wrestling star Hulk Hogan’s X account was also breached. Hackers used the account to promote a fraudulent token in a pump-and-dump scheme. During the same period, Frax Finance, a cryptocurrency lending platform, had its X account compromised, further fuelling concerns about the vulnerability of the social media platforms.

With an increasing number of high-profile incidents, including the latest Decentraland breach, concerns about cybersecurity in the crypto sector continue to grow.

The post Crypto scammers promote phishing scam on Decentraland's X account appeared first on Invezz

Read Entire Article