MicroStrategy’s X account breached, hacker launches Ethereum token phishing scam

9 months ago 46
ARTICLE AD

The threat actor's wallet now holds over $329,000 worth of tokens.

The X account of business intelligence firm MicroStrategy was recently breached, with the hacker posting links to a fake Ethereum token airdrop of an “$MSTR” token.

Reports indicate that the current damage of the hack is over $440,000 based on an investigation by on-chain sleuth ZachXBT, who posted the threat actor’s suspected wallet address.

0xe7645b8672b28a17dd0d650a5bf89539c9aa28da

~$440K stolen from the compromise so far

— ZachXBT (@zachxbt) February 26, 2024

Pseudonymous crypto critic “cobie” posted in a private reply that the phishing scam was quite obvious given MicroStrategy CEO Michael Saylor’s recent bullish statements on Bitcoin.

 

At the time of writing, it appears that the posts alluded to in the thread have been deleted, with MicroStrategy seemingly regaining control over their X account. The most recent post from the account is dated February 21, with the firm promoting its new AI integrations.

The links from the fake Ethereum airdrop lead to a fake MicroStrategy webpage, which instructs users to connect their wallet and claim the fake “$MSTR” airdrop. For clarity, this is not associated with the firm’s stock listing on Nasdaq, with the same $MSTR ticker. The stock closed last week at $687, down by 3.6% over 24 hours.

If a user accepts the permissions and signs in to the web app with their Web3 wallet, the attacker is then granted access to the user’s tokens, effectively draining their funds.

Scam Sniffer, a Web3 anti-scam platform, the phishing attack’s initial target lost over $420,000 at around 7:43 EST, minutes after the link was posted on X. The funds lost were in a variety of tokens ($134,000 from Wrapped Balance AI (wBAI), $122,000 from Chintai (CHEX), and $45,000 from Wrapped Pocket Network (wPOKT).

The funds were promptly transferred to the attacker’s wallet, while two more transfers were executed and re-routed automatically to a second wallet, which was identified due to its association with the PinkDrainer hacking group. The threat actor’s wallet now holds over $329,000 worth of tokens from Ethereum, Polygon, and the aforementioned tokens. MicroStrategy is yet to issue a statement on the matter.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Read Entire Article