MicroStrategy’s Twitter Account Hacked: Fraudulent Ethereum Airdrop Scam Results in $424K Stolen
MicroStrategy’s Twitter account was hacked, resulting in a fake airdrop and the theft of approximately $450,000 in cryptocurrency. The hackers utilized a fraudulent website and deceived users into connecting their wallets. This incident emphasizes the growing prevalence of Twitter hacks and the need for users to exercise caution.
Recently, MicroStrategy’s X account fell victim to hackers who orchestrated a fake airdrop of the “official” Ethereum-based MSTR coin. Although the malicious links were swiftly removed, the financial damage has already amounted to nearly half a million dollars.
The hack was first brought to the attention of the crypto community by an anonymous user named Spreek. Well-known on-chain investigator ZachXBT confirmed the hack and reported that the stolen amount was approximately $440,000. The web3 anti-scam platform Scam Sniffer provided additional information, revealing that the hacker stole various altcoins, resulting in a total loss of $424,786 worth of $wBAI, $wPOKT, and $CHEX.
What is particularly surprising is that a single user lost such a significant amount of cryptocurrency, underscoring the severity of the hack.
The fraudulent airdrop post deceived users by offering links to a counterfeit “official” Ethereum-based MSTR token airdrop. Clicking on these links redirected users to a fake MicroStrategy page, urging them to connect their wallets in order to participate in the airdrop. Unbeknownst to them, this allowed the attackers to drain their tokens.
Experts speculate that the victim may have unknowingly signed a Uniswap Permit2 permit batch signature, which granted broad token approvals to the spender. While MicroStrategy has not officially confirmed the hack, they promptly deleted the compromised post upon being notified.
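A wallet-side check for the kind of request described above, as an added example that is not from the article or from Uniswap's code: it inspects an EIP-712 signing request and flags Permit2 permits that give a non-allowlisted spender unlimited or long-lived approvals over several tokens. The allowlist, the 30-day threshold and the addresses in the sample are assumptions made for illustration.

```javascript
// Added example. Permit2's contract address and EIP-712 field names are its published
// ones; the spender and token addresses in `sample` are constructed placeholders.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3";
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 allowance amounts are uint160
const MAX_LIFETIME = 30n * 86400n;     // policy choice (assumption): flag grants over 30 days

// Inspect an eth_signTypedData_v4 payload before it is signed.
// trustedSpenders: lowercase addresses the user already trusts (hypothetical allowlist).
function reviewPermit2Request(typedData, trustedSpenders = [],
                              now = BigInt(Math.floor(Date.now() / 1000))) {
  const { domain = {}, primaryType, message = {} } = typedData;
  const isPermit2 = domain.name === "Permit2" &&
    String(domain.verifyingContract).toLowerCase() === PERMIT2;
  if (!isPermit2 || !["PermitSingle", "PermitBatch"].includes(primaryType)) return [];

  const warnings = [];
  const spender = String(message.spender).toLowerCase();
  if (!trustedSpenders.includes(spender)) warnings.push({ code: "UNTRUSTED_SPENDER", spender });

  // PermitSingle carries one details object, PermitBatch an array of them.
  const details = [].concat(message.details ?? []);
  if (details.length > 1) warnings.push({ code: "BATCH", tokens: details.length });

  for (const d of details) {
    if (BigInt(d.amount) === MAX_UINT160) warnings.push({ code: "UNLIMITED_AMOUNT", token: d.token });
    if (BigInt(d.expiration) - now > MAX_LIFETIME) warnings.push({ code: "LONG_EXPIRY", token: d.token });
  }
  return warnings;
}

// Constructed request: one signature covering three tokens, two of them without limits.
const sample = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x000000000022D473030F116dDEE9F6B43aC78BA3" },
  primaryType: "PermitBatch",
  message: {
    spender: "0x" + "11".repeat(20),
    sigDeadline: "1700086400",
    details: [
      { token: "0x" + "aa".repeat(20), amount: MAX_UINT160.toString(), expiration: "281474976710655", nonce: "0" },
      { token: "0x" + "bb".repeat(20), amount: MAX_UINT160.toString(), expiration: "281474976710655", nonce: "0" },
      { token: "0x" + "cc".repeat(20), amount: "1000", expiration: "1700003600", nonce: "0" },
    ],
  },
};

console.log(reviewPermit2Request(sample, [], 1700000000n));
```
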
This incident adds to the growing number of Twitter account breaches, with official handles being particularly vulnerable. In a recent case, the official Twitter handle of the Securities and Exchange Commission (SEC) was compromised. The breach coincided with the highly anticipated approval of the spot Bitcoin Exchange-Traded Fund (ETF), causing confusion among investors due to a false announcement from the hacked SEC handle.
Investigations revealed that the breach occurred because an unidentified party gained control of a phone number associated with the SEC account through a third-party service. The lack of two-factor authentication at that time increased the account’s vulnerability.
Given that MicroStrategy now joins the list of phishing attack victims in 2024, there is an urgent need for enhanced security measures across all communication channels targeted by hackers. Users are strongly advised to exercise caution, verify the credibility of links before clicking, and remain vigilant against potential threats. This incident highlights the importance of proactive security measures in the ever-evolving landscape of cyber threats.