Web3 security firm CertiK had its Twitter account hijacked by scammers, who used it to share malicious links to fake versions of the Revoke.cash project.
Warning: Our team discovered that the Uniswap Router contract is vulnerable to a reentrancy vulnerability that allows an attacker to move anyone’s tokens with approval from the Uniswap contract.
Use @RevokeCash to revoke any vulnerable approvals.
https://grahamcluley.com/certik-twitter-account-hijacked-by-cryptocurrency-scammer-posing-as-forbes-journalist/
Security audit firm CertiK, whose main Twitter account has more than 340,000 followers, issued a warning that its tweets should not be trusted at this time.
#CertiKSkynetAlert
We are currently investigating the breach of our X account @CertiK
Please do not interact with any posts until we have confirmed the security of the account.
The Revoke.cash project also warned about the CertiK account compromise, directing its followers to a thread from last November about the "insane" number of fake websites and Twitter accounts it has seen masquerading as Revoke.cash in an attempt to drain the wallets of cryptocurrency investors.
In a later tweet, CertiK shared details of what it believes happened.
CertiK said that one of its employees was contacted via a Twitter direct message by someone posing as a Forbes journalist, asking whether they would like to take part in an interview.
A scam link was then shared that led to a fake version of the Calendly scheduling service, which prompted the employee to link their Twitter account in order to schedule the meeting. "Linking" an account in this way typically means authorising a third-party app via OAuth, which grants that app permission to post as the account without ever needing the password or passing 2FA, so the relevant check after any such mistake is to review and revoke the account's connected apps, not just to change the password.
Fortunately, CertiK realised the mistake within minutes, removed the tweet posted by the scammer, and secured the account.
It's worth noting that CertiK's Twitter account has a gold checkmark, indicating that it is an official organisation or company.
Today, gold checkmarks are generally considered more trustworthy than blue ones, and Elon Musk is happy to sell them to any Tom, Dick, or con man (or Nazi) who is prepared to pay a few bucks a month (or use a stolen credit card).
Researchers at CloudSEK recently published a report on a black market offering stolen gold Twitter accounts for around $2,000.
As the report states, hackers also compromised dormant accounts, locked out their rightful owners, and subscribed them to 30-day gold checkmarks in order to sell the accounts on to others.
CertiK isn't the only tech company to have found itself in trouble over a Twitter account takeover in recent days. Around the same time the CertiK account was hijacked, hackers took control of the account of cybersecurity giant Mandiant in order to direct its followers to another wallet-draining scam site.