Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » DeFi » CertiK’s X account gets hacked, sends out fake vulnerability warning about Uniswap

CertiK's X account gets hacked, sends out fake vulnerability warning about Uniswap

by

CertiK appears to have regained control of its account shortly after removing the fake tweets.

CertiK's X account gets hacked, sends out fake vulnerability warning about Uniswap

Share this article

CertiK Ltd., a blockchain security auditing firm, suffered a security breach earlier today as yet unidentified hackers compromised its official X (formerly Twitter) account to distribute phishing links to its hundreds of thousands of followers.

The breach was confirmed by Revoke.cash, a smart contract tool that provides token approval for cross-chain security.

The infiltrated CertiK account posted tweets warning users of a fake vulnerability in the smart contract code for Uniswap V3, a prominent decentralized cryptocurrency exchange (DEX). It then directed users to a fraudulent website impersonating Revoke.cash.

In its statement on the breach, Revoke confirmed that Uniswap itself was not compromised. This incident raises questions surrounding CertiK’s own defenses and standard security practices. Just two days prior, the company published its 2023 hacking report, meant to highlight industry threats.

Independent crypto journalist Colin Wu (Wu Blockchain) also confirmed the breach, adding that the official CertiK Discord site was recently hacked and replaced with a fake Discord promoting phishing links. CertiK’s alerts account on X also confirmed that the main account was breached and warned users to avoid interacting with the compromised account.

While the motive behind the hack hasn’t been established, the coordinated effort indicates thieves were attempting to use CertiK’s reputation to lend legitimacy to their phishing scams focused on draining user cryptocurrency accounts.

CertiK appears to have regained control of its account shortly after removing the fake tweets. Despite this, the high-profile breach highlights the crypto industry’s ongoing vulnerability to hackers, which has resulted in stolen funds worth over $3.8 billion in the last year alone. The blockchain security auditing firm has issued a statement about the incident, saying their investigation indicates that the breach is a “large scale ongoing attack” that deploys social engineering through Calendly, a scheduling app.

Simple Security Practices

In light of this incident, here are a few security tips that may be useful to keep in mind, especially when dealing with crypto wallets and decentralized services.

Enable Multi-Factor Authentication

Adding an extra layer of identity confirmation beyond just a password through options like biometrics, security keys or authentication apps can prevent unauthorized account access even if login credentials are compromised. This is recommended especially for social platforms such as X.

Be Wary of Suspicious Links & Attachments

Scrutinize links purporting to offer cryptocurrency services, deals, or Web3 ecosystem news, especially if received over social media. Verify an offer’s authenticity through official channels before clicking. Also, avoid opening unsolicited attachments which may contain malware.

Use a Reputable Password Manager

Storing account credentials in a highly secure, encrypted password manager app helps users create and manage strong, unique passwords for each service, mitigating the effectiveness of password reuse in phishing schemes. Features like auto log-out further limit access, although this might get in the way of ease of use.

Keep Software Up-To-Date

Maintaining current versions of operating systems, antivirus software, and crypto wallet apps ensures known exploits are patched before hackers can capitalize on these vulnerabilities at scale. Automating updates streamlines this maintenance.

Leverage Cold Storage for Holdings

Keeping the majority of cryptocurrency holdings in cold storage hardware wallets disconnected from the internet reduces attack surfaces. Even if account credentials are exposed, funds not held in hot wallets stay secure.

Note: This story is developing. The Crypto Briefing team will update this article as necessary to maintain veracity.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.