Crypto hacks on X show no sign of slowing down in 2024
protos.com 12 January 2024 17:30, UTC
Just 12 days into 2024, X (formerly Twitter) has experienced a myriad of hacked accounts that post crypto scams — a trend spilling over from 2023.
High-profile accounts, from government agencies to celebrities, have all been targeted by hackers to promote scams, crypto tokens, or just troll followers unaware of the misinformation at play.
Here’s a series of crypto-related hacks that have already taken place this year.
SEC posts fake bitcoin ETF approval
On January 10, the X account of the Securities and Exchange Commission (SEC) claimed it had approved spot bitcoin ETFs — a highly anticipated event in bitcoin history that sent its price momentarily rocketing.
However, minutes later, the SEC clarified the post was fake and that its account was compromised, bringing BTC’s price down. Investigators at X claimed that an “unidentified individual” had access to the account’s associated phone number and that two-factor authentication wasn’t set up.
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
Speculators first theorized that the post was a draft prematurely released, which the SEC denies. Senators hinted that the SEC might’ve manipulated the market, while some think the hack was simply a gag.
Now, the Federal Bureau of Investigation and other law enforcement entities are investigating the compromise.
CoinGecko hacked with calendar meetup
On that same evening, crypto exchange CoinGecko announced that its socials were hacked as well. It told users not to click any links.
Users on X claim the CoinGecko account posted a phishing link pretending to distribute the $GECKO token, a name taken from a separate, unaffiliated crypto project.
Five hours later, CoinGecko revealed that its accounts were secure and that its staff had clicked on a fraudulent Calendly link which gave the hacker access to the account. The exchange stressed it had 2FA enabled.
CertiK hack panicked users
Another Calendly link was used to hack the account of crypto auditing firm CertiK on January 5. In this case, an employee was baited by an account posing as a Forbes journalist.
Hackers were granted access to CertiK’s X account where they panicked users into clicking on a wallet-draining link. They pretended that a Uniswap contract attack was underway and that their phishing link would help recover any lost funds.
A verified account, associated with a well-known media, contacted one of our employees. Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee.
We quickly detected the breach and deleted the related tweets within minutes. Our… pic.twitter.com/aO7GQjXEz2
— CertiK (@CertiK) January 5, 2024
Government accounts from the UK, Canada, and Brazil have also been hacked to promote various crypto tokens and schemes this month. They all share the grey checkmark used to signal government authority, making it harder for users to spot a fake post.
The X account of the UK Green party’s deputy leader Zack Polanski was hacked to seemingly promote a crypto token. Canadian senator Amina Gerba’s X account was rebranded into a crypto scam promoting the “LFG” project, and Brazil’s Member of the Chamber of Deputies, Ubiratan Sanderson, was also hacked and temporarily promoted a crypto project known as Dymension.
Polanski said X should “protect the site’s users more robustly and restore accounts more quickly,” adding that “it’s important people are able to engage with their elected representatives’ work through social media.”
2023’s greatest hits
An honorable mention from last year has to be the time Donald Trump Jr’s X account was hacked to falsely claim that former president Donald Trump Sr had died. It posted, “I’m sad to announce, my father Donald Trump has passed away. I will be running for president in 2024.”
The account also proclaimed that Richard Heart was innocent while adding threats that it would “burn the SEC.” It used a racial slur to describe Joe Biden, claimed to have had sex with Logan Paul’s partner, and alleged it had exchanged “interesting messages” with Jeffrey Epstein.
Donald Trump Jr. Account hacked or high af. You be the judge. pic.twitter.com/c0TFWbFJb7
— 🕊️💞Dannie D💞🕊️ (@DannieD01) September 20, 2023
Not even the dead are safe, as the X account of UK comedian Neil Innes, ‘unofficial seventh member of Monty Python,’ was hacked to promote a load of bitcoin spam posts.
Comedian Dave Gorman uncovered the hack, noting “This shyster’s got hold of his account, changed the name, and is using it to plug crypto stuff that is probably crooked.” He added, “After all, if it was legit, you probably wouldn’t need to steal access to the account of a deceased comedy legend.”