A Week of Crypto Hacking: From CoinsPaid Breach to SEC Twitter Scandal (Jan 8th – Jan 14th)
The cryptocurrency heists are still going strong in the new year. However, this week’s events took an unexpected turn as hackers shifted their focus to social media platforms, particularly the Twitter accounts of reputable organizations. The result? Massive losses amounting to millions of dollars.
Join us as we delve into the unfolding events in the world of crypto hacking, uncovering the surprising nuances in the pursuit of illegal profits.
Crypto Gateway CoinsPaid: A Breach Worth $7.5 Million
UPDATE After conducting further investigations, our system has detected additional unauthorized transactions involving #BNB and @coinspaid. The hacker has managed to acquire another $1 million worth of digital assets, including 924K BSC-USD and 268.5 $BNB. In total, the losses amount to $7.5 million. Hacker’s address: [link] pic.twitter.com/xD6tg9QznK — Cyvers Alerts (@CyversAlerts) January 6, 2024
CoinsPaid, a well-known cryptocurrency payment gateway, experienced its second security breach in just six months. On January 6, multiple irregular transactions were discovered, resulting in the withdrawal of $6.1 million worth of digital assets in Tether and CoinsPaid’s native token, CPD.
The platform had previously suffered a security breach in July 2023, where a staggering $37 million was stolen. In that incident, the hackers tricked an employee into downloading a malicious code by posing as a potential job interview. This breach granted unauthorized access to CoinsPaid’s infrastructure, exposing vulnerabilities in their security protocols.
SEC Twitter Account Hack
The hack of the SEC’s Twitter account caused the price of Bitcoin to plummet from $47,000 to $45,920, raising concerns in the market. Mr. Huber accused the SEC of using the hack as an excuse to delay the decision on a Bitcoin ETF. #CryptoNews https://t.co/D7uRg5FE2l — Coinpedia (@CoinpediaNews) January 10, 2024
Bitcoin (BTC) experienced a turbulent ride, witnessing $90 million in liquidations, all thanks to fictitious tweets from a compromised SEC account announcing the approval of a Bitcoin ETF. The tweet, which was live for a brief 30 minutes, led to false reports from various news outlets and online personalities claiming that the SEC had endorsed spot Bitcoin ETFs. The unauthorized tweet has since been deleted, but its impact on the crypto market remains.
So, Who’s to Blame?
The SlowMist Security Team issued a crucial security alert in response to an increase in impersonators masquerading as journalists for phishing schemes. These scammers use broken Chinese in their communication and deploy a seemingly harmless Calendly link. Unbeknownst to victims, this link changes its name to “Calendly” upon clicking, allowing scammers to compromise Twitter accounts and share phishing links through compromised tweets. Vigilance against unfamiliar links is of utmost importance.
MangoFarm on the Radar
There are suspicions of a rug pull surrounding the MangoFarm project, as its official Twitter account is now inaccessible and losses amount to a significant $1 million. Additionally, Polychain Capital, a cryptocurrency venture capital firm, confirmed the compromise of its founder and CEO Olaf Carlson-Wee’s Twitter account. Hackers exploited this breach to spread phishing links offering false airdrops.
The security firm CertiK also fell victim to an unexpected compromise. Attackers took control of their Twitter account and disseminated false information about the vulnerability of Uniswap router contracts, along with phishing links for reentrancy attacks.
All in all…
As we conclude this week’s roundup of crypto hacks, the targeted attacks on high-profile individuals’ Twitter accounts highlight the ever-evolving strategies employed by hackers in the crypto industry. Brace yourself for more insights into the dynamic world of crypto security, where each week brings new challenges and unexpected twists. Stay tuned.
Tags: Hacks, Weekly-RoundUp