MicroStrategy Loses $424,000 in Ethereum Airdrop Scam After Twitter Account Hack
MicroStrategy’s X account has fallen victim to a cyberattack, as hackers posted malicious links to a fraudulent airdrop of an “official” Ethereum-based MSTR coin. Although the links were later removed, the losses have already amounted to nearly $500,000.
Anonymous crypto user Spreek was the first to alert the crypto community about the hack, and renowned on-chain investigator ZachXBT confirmed the incident, reporting a loss of approximately $440,000. Web3 anti-scam platform Scam Sniffer provided further details, revealing that the hacker stole multiple altcoins, resulting in an exact loss of $424,786 worth of $wBAI, $wPOKT, and $CHEX. The fact that a single user lost such a significant amount of cryptocurrency highlights the severity of the hack.
The fraudulent airdrop post deceived users with links to a counterfeit “official” Ethereum-based MSTR token airdrop. Clicking on the link redirected users to a fake MicroStrategy page, which prompted them to connect a wallet for the airdrop. This allowed the attackers to drain the tokens.
Experts speculate that the victim may have signed a Uniswap Permit2 permit batch signature, which grants multiple token approvals to the spender. Although the MicroStrategy team has not officially confirmed the hack, they promptly deleted the post upon notification.
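A pre-signing check for the kind of request described above, as an added example that is not from the original article: it inspects an EIP-712 typed-data signing request and flags Permit2 allowance permits that cover several tokens, unlimited amounts or long validity. The field names follow Permit2's PermitSingle/PermitBatch structs; the function name, the 30-day threshold and all sample addresses and timestamps are constructed assumptions.

```python
# Added example: pre-signing review of a Permit2 allowance permit (EIP-712 typed data).
MAX_UINT160 = 2**160 - 1  # Permit2 amounts are uint160; this value means "unlimited"

def _to_int(v):
    # Wallet JSON may carry numbers as ints, decimal strings or 0x-hex strings.
    return int(v, 0) if isinstance(v, str) else int(v)

def review_permit2_request(typed_data, now, max_validity_secs=30 * 24 * 3600):
    """Return human-readable warnings for a Permit2 PermitSingle/PermitBatch request."""
    if typed_data.get("domain", {}).get("name") != "Permit2":
        return []
    msg = typed_data.get("message", {})
    primary = typed_data.get("primaryType")
    if primary == "PermitBatch":
        details = msg["details"]
    elif primary == "PermitSingle":
        details = [msg["details"]]
    else:
        return []  # other Permit2 message types are out of scope here
    warnings = []
    if len(details) > 1:
        warnings.append(f"batch approval: {len(details)} tokens granted to {msg['spender']} by one signature")
    for d in details:
        if _to_int(d["amount"]) == MAX_UINT160:
            warnings.append(f"unlimited allowance for token {d['token']}")
        if _to_int(d["expiration"]) - now > max_validity_secs:
            warnings.append(f"allowance for token {d['token']} valid longer than {max_validity_secs} s")
    return warnings

# Constructed sample request; all addresses and timestamps are placeholders.
NOW = 1_700_000_000
YEAR = 365 * 24 * 3600
SAMPLE_BATCH = {
    "domain": {"name": "Permit2", "chainId": 1},
    "primaryType": "PermitBatch",
    "message": {
        "details": [
            {"token": "0x" + "11" * 20, "amount": str(MAX_UINT160), "expiration": NOW + YEAR, "nonce": 0},
            {"token": "0x" + "22" * 20, "amount": hex(MAX_UINT160), "expiration": NOW + YEAR, "nonce": 0},
            {"token": "0x" + "33" * 20, "amount": "1000", "expiration": NOW + YEAR, "nonce": 0},
        ],
        "spender": "0x" + "aa" * 20,
        "sigDeadline": NOW + 1800,
    },
}

if __name__ == "__main__":
    for w in review_permit2_request(SAMPLE_BATCH, NOW):
        print("WARNING:", w)
```

A wallet extension or signing proxy could surface these warnings before the user confirms, since the raw typed-data prompt alone does not make the scope of a batch permit obvious.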
It appears that Twitter has become a favored platform for hackers once again. Official accounts are increasingly falling victim to cyberattacks. In a recent incident, the official Twitter handle of the Securities and Exchange Commission (SEC) was breached.
The timing of the attack was particularly significant as it occurred just before the expected approval of the spot Bitcoin Exchange-Traded Fund (ETF). A tweet from the compromised SEC handle falsely announced the approval of the ETF, causing confusion among investors.
Investigations revealed that the breach occurred due to an unidentified party gaining control over a phone number associated with the SEC account through a third-party service. At the time of the compromise, the SEC account did not have two-factor authentication.
With MicroStrategy now joining the growing list of phishing attack victims in 2024, it is crucial to implement robust security measures across all communication channels that hackers exploit. Users are always advised to verify the credibility of links before clicking on them and to remain vigilant at all times.