We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More

MicroStrategy’s Twitter account breached, hacker launches 'MSTR' token phishing scam

The threat actor's wallet now holds over $329,000 worth of tokens.

MicroStrategy’s Twitter account breached, hacker launches 'MSTR' token phishing scam

Share this article

The X account of business intelligence firm MicroStrategy was recently breached, with the hacker posting links to a fake Ethereum token airdrop of an “$MSTR” token.

Reports indicate that the current damage of the hack is over $440,000 based on an investigation by on-chain sleuth ZachXBT, who posted the threat actor’s suspected wallet address.

Pseudonymous crypto critic “cobie” posted in a private reply that the phishing scam was quite obvious given MicroStrategy CEO Michael Saylor’s recent bullish statements on Bitcoin.


At the time of writing, it appears that the posts alluded to in the thread have been deleted, with MicroStrategy seemingly regaining control over their X account. The most recent post from the account is dated February 21, with the firm promoting its new AI integrations.

The links from the fake Ethereum airdrop lead to a fake MicroStrategy webpage, which instructs users to connect their wallet and claim the fake “$MSTR” airdrop. For clarity, this is not associated with the firm’s stock listing on Nasdaq, with the same $MSTR ticker. The stock closed last week at $687, down by 3.6% over 24 hours.

If a user accepts the permissions and signs in to the web app with their Web3 wallet, the attacker is then granted access to the user’s tokens, effectively draining their funds.

Scam Sniffer, a Web3 anti-scam platform, the phishing attack’s initial target lost over $420,000 at around 7:43 EST, minutes after the link was posted on X. The funds lost were in a variety of tokens ($134,000 from Wrapped Balance AI (wBAI), $122,000 from Chintai (CHEX), and $45,000 from Wrapped Pocket Network (wPOKT).

The funds were promptly transferred to the attacker’s wallet, while two more transfers were executed and re-routed automatically to a second wallet, which was identified due to its association with the PinkDrainer hacking group. The threat actor’s wallet now holds over $329,000 worth of tokens from Ethereum, Polygon, and the aforementioned tokens. MicroStrategy is yet to issue a statement on the matter.

Share this article