Cyber Defense Advisors

CertiK Twitter account hijacked by cryptocurrency scammer posing as Forbes journalist

Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project.

WARNING: Our team has found the Uniswap Router contract to be vulnerable to a reentrancy exploit, allowing attackers to move anyone’s tokens if approved to the Uniswap contract.

Use @RevokeCash in order to revoke any vulnerable approvals.

[LINK]

Security-auditing company CertiK, which boasts over 340,000 followers on its main Twitter account, posted a warning that its tweets should not currently be trusted.

#CertiKSkynetAlert

We are currently investigating a compromise of our X account @CertiK

Do not interact with any posts until we have confirmed the account is secure

The Revoke.cash project also warned about the compromise of CertiK’s account, and directed followers to a thread from last November about the “insane” number of impersonation websites and Twitter accounts it ahd seen masquerading as itself in an attempt to drain cryptocurrency investors’ wallets.

In a later tweet, CertiK shared details of what it believed had happened.

CertiK claimed that one of its employees had been contacted by a Twitter DM by someone posing as reporter with Forbes, asking if they wished to participate in an interview.

A scam link was then shared which went to a bogus version of the Calendy service, which – in order to schedule a meeting – prompted the user to link their Twitter account.

Fortunately, CertiK realised its mistake within minutes, deleted the tweets made by the scammers, and secured their account.

What’s worth noting is that CertiK’s Twitter account has a gold checkmark, indicating that it is an official organisation or company.

Gold checkmarks are generally considered more trustworthy than blue checkmarks these days, which Elon Musk is happy to sell to any scammer or Tom, Dick, or Nazi who is prepared to cough up a few dollars per month (or use a stolen credit card).

Researchers at CloudSEK recently issued a report about the black market which has emerged offering compromised gold Twitter accounts for around $2,000.

As the report describes, hackers are also compromising dormant accounts, locking out their legitimate owners, and subscribing to a gold checkmark for 30 days in order to sell the accounts to others.

CertiK wasn’t the only tech firm to be struggling with the ownership of its Twitter account in recent days. At around the same time as the CertiK account was hijacked, hackers seized control of cybersecurity giant Mandiant’s account – in order to point followers towards another wallet-draining scam website.