MicroStrategy, a well-known analytics and business intelligence company, fell victim to a sophisticated phishing scam, resulting in significant cryptocurrency losses. Attackers used MicroStrategy’s official X account to endorse fake Ethereum token airdrops.
This fraudulent strategy tricked people into unintentionally giving up authority over their digital assets. The fraud has resulted in over £440,000 in losses so far, underscoring the growing crypto risks confronting attackers exploiting trusted companies.
The hackers advertised an airdrop for a non-existent token named “MSTR” using MicroStrategy’s account. By offering free allocations, they tricked users into clicking on false links.
These links sent victims to a fake homepage where they were instructed to join their Web3 wallets, so unintentionally granting the threat actors access to take money as soon as they connected.
A victim lost $424,786 worth of cryptocurrency. Two transfers were immediately forwarded to a further wallet associated with the notorious hacker collective, PinkDrainer, while one transfer found its way into the hands of the MicroStrategy attacker.
An investor mistakenly accepted a transaction that sent a large sum of bitcoin to a scammer’s wallet. This contained $134,000 worth of Wrapped Balance AI (wBAI), $122,000 worth of Chintai (CHEX), and $45,000 in Wrapped Pocket Network (wPOKT).
The MicroStrategy attacker’s wallet address had $329,000 in Ethereum-based tokens, according to Ethereum DeBank at the time of publication.
The tweets no longer appear on MicroStrategy’s official X account. This event made people in the community question if the company added two-factor authentication (2FA) to its X account.
Critics say that people should have recognised that the tweets were fraudulent. It appears strange for MicroStrategy, a constant Bitcoin promoter with a sizable BTC ownership, to launch an Ethereum-based token.
MicroStrategy attackers exploit major accounts in cryptocurrency scams
The incident is just another example of hackers taking advantage of the confidence between renowned crypto players and their followers on social media. Scammers exploit vulnerabilities in security by taking over legitimate accounts and spreading convincing phishing links.
The U.S. Securities and Exchange Commission’s (SEC) account was hacked on January 9, which is similar to the recent attack. The SEC approved multiple requests for Bitcoin spot exchange-traded funds (ETFs), according to a letter released by scammers that seemed to be legitimate and came from Chair Gary Gensler.
The co-founder of Ethereum, Vitalik Buterin, lost his X account to a breach in September 2023. To exploit this security flaw, the attackers performed a SIM swap attack. They advertised a phishing website and eventually stole almost $700,000 from vulnerable victims.
The rise in social media scams highlights how important it is to strengthen security measures, encourage open communication, and increase user awareness. Experts highly recommend adopting a cautious attitude while dealing with online advertising, regardless of the source. It is crucial to independently confirm validity before entering any sensitive information.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by enhancing user awareness about these types of attacks. Phishing Tackle is a great resource that can assist you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is essential to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defenses against phishing attacks.