MicroStrategy Twitter Account Hack: $424K Looted in Fake Ethereum Airdrop Scam

MicroStrategy‘s X account was recently hacked, leading to a fake airdrop of the “official” Ethereum-based MSTR coin. Despite quickly removing the malicious links, the financial damage has already reached a hefty sum of almost half a million dollars.

Here are the details.

Spreek Raises Alarm

Anonymous crypto user Spreek was the first to notify the crypto community of the hack. Infamous on-chain investigator ZachXBT confirmed the hack and reported the lost amount to be around $440k. Web3 anti-scam platform scam sniffer shed more details and revealed that the hacker stole multiple altcoins and that the exact loss was $424,786 worth of $wBAI, $wPOKT and $CHEX.

What is surprising is that a single user lost all this crypto, highlighting the intensity of the hack.

The fraudulent airdrop post deceived users with links to a counterfeit “official” Ethereum-based MSTR token airdrop. Clicking on these links directed users to a fake MicroStrategy page, urging them to connect their wallets for the airdrop, unknowingly allowing attackers to drain their tokens.

Experts suspect that the victim may have unknowingly signed a Uniswap Permit2 permit batch signature, granting broad token approvals to the spender. While MicroStrategy hasn’t officially confirmed the hack, they acted promptly by deleting the compromised post upon notification.

Also Read: MicroStrategy’s Michael Saylor Reveals His Ultimate Bitcoin Exit Strategy

Twitter Hacks Continue

The incident adds to the increasing occurrences of Twitter account breaches, with official handles being prime targets. In a recent case, the official Twitter handle of the Securities and Exchange Commission (SEC) was compromised. The breach coincided with the highly anticipated approval of the spot Bitcoin Exchange-Traded Fund (ETF), causing confusion among investors due to a false announcement from the hacked SEC handle.

Investigations revealed that the breach occurred because an unidentified party gained control over a phone number associated with the SEC account through a third-party service. Lack of two-factor authentication at the time increased the vulnerability.

Call for Increased Security Measures in 2024

With MicroStrategy now part of the growing list of phishing attack victims in 2024, there is an urgent need for enhanced security measures across all communication channels targeted by hackers.

Users are strongly advised to exercise caution, verifying the credibility of links before clicking, and maintaining vigilance against potential threats. The incident draws out the importance of proactive security measures in the ever-evolving landscape of cyber threats.

Read More About This: Weekly Crypto Hack Update: Hackers Exploit Mixers, PlayDapp, and More

It’s a scary world out there. How are you keeping safe?