Blockchain Security Firm CertiK’s Twitter Account Hijacked in Social Engineering Attack

January 5, 2024.

CertiK, a blockchain security firm, fell victim to a social engineering attack as threat actors hijacked its gold-verified Twitter account with over 343,000 followers. The attackers, using a compromised account associated with a well-known media figure, engaged CertiK in a phishing attempt under the guise of a Forbes interview. The phishing link led to a fake scheduling site aimed at stealing employee credentials. After taking control of CertiK’s account, the threat actors posted a phishing message warning about a supposed vulnerability in the Uniswap Router contract, linking to a wallet drainer. CertiK quickly deleted the malicious tweet, but the incident is part of a larger-scale social engineering campaign affecting multiple accounts. The rise in such attacks, even targeting verified accounts with two-factor authentication, underscores the importance of vigilance against social engineering exploits.

CertiK phishing message (Wallet Guard)

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top