January 5, 2024.
CertiK, a blockchain security firm, fell victim to a social engineering attack as threat actors hijacked its gold-verified Twitter account with over 343,000 followers. The attackers, using a compromised account associated with a well-known media figure, engaged CertiK in a phishing attempt under the guise of a Forbes interview. The phishing link led to a fake scheduling site aimed at stealing employee credentials. After taking control of CertiK’s account, the threat actors posted a phishing message warning about a supposed vulnerability in the Uniswap Router contract, linking to a wallet drainer. CertiK quickly deleted the malicious tweet, but the incident is part of a larger-scale social engineering campaign affecting multiple accounts. The rise in such attacks, even targeting verified accounts with two-factor authentication, underscores the importance of vigilance against social engineering exploits.
CertiK phishing message (Wallet Guard)