Cryptocurrency data aggregator CoinGecko experienced a security breach when their account fell victim to a phishing attack.
During a brief period on January 10, a phishing scam link was posted on their X account, falsely informing users of a CoinGecko token airdrop.
The hackers promoted a new cryptocurrency called GCKO in a fraudulent post, claiming it could be used to pay for API services like the cryptocurrency ANKR. The post included a suspicious link to a token airdrop. CoinGecko acted swiftly to remove the post and alert users to avoid interacting with potentially harmful content.
Our Twitter accounts @CoinGecko and @GeckoTerminal have been compromised. We’re taking immediate steps to investigate the situation and secure our accounts.
Please DO NOT click on any links or engage with suspicious content. Your security is our top priority.
We’ll keep you…
— CoinGecko (@coingecko) January 10, 2024
CoinGecko further responded by posting a warning on X, stating that their Twitter accounts, CoinGecko and GeckoTerminal, had been compromised. The company took immediate steps to investigate the situation, secure their accounts, and advise users not to click on any links or engage with suspicious content.
UPDATE: We’d like inform you that both our accounts, @CoinGecko and @GeckoTerminal, have been successfully secured.
Despite having 2FA enabled and implementing robust security measures, one of our team members clicked on a fraudulent Calendly link by accident, granting…
— CoinGecko (@coingecko) January 10, 2024
According to CoinGecko, the breach was attributed to a team member inadvertently clicking on a fraudulent Calendly link. This action granted unauthorized access to a hacker, enabling them to post on behalf of CoinGecko.
Despite having two-factor authentication (2FA) enabled and employing robust security measures, CoinGecko said the inadvertent click on the fraudulent link allowed unauthorized access. The compromised accounts were used to disseminate misleading information and potentially engage in malicious activities.
In their official statement, CoinGecko expressed their sincere apologies for any confusion or inconvenience caused by the incident. They emphasized their commitment to the security of their platforms and the continuous improvement of internal controls. The company reassured users that steps were taken to rectify the situation promptly.
Conclusively, CoinGecko urged users not to click on any links or engage with suspicious content during the period of compromise.
U.S. Securities and Exchange Commission (SEC) Twitter Account Hacked in Bitcoin ETF Scam
Moreover, this breach mirrors a similar incident that occurred a day earlier with the U.S. Securities and Exchange Commission’s (SEC) account.
On January 9, the SEC Twitter account was compromised, with scammers posting a seemingly genuine message from Chair Gary Gensler stating that the SEC had approved multiple applications for Bitcoin spot exchange-traded funds (ETFs). The post was subsequently deleted.
According to the investigation carried out by X Reviews, the breach was not due to any attacks affecting its infrastructure but instead was a result of the lack of two-factor authentication (2FA) tied to the SEC’s account.
They further stated that the incident occurred due to “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
However, the SEC has already approved spot Bitcoin ETF applications from ARK 21Shares, Invesco Galaxy, VanEck, WisdomTree, Fidelity, Valkyrie, BlackRock, Grayscale, Bitwise, Hashdex, and Franklin Templeton.
There was initial uncertainty regarding the legitimacy of the spot Bitcoin ETF approvals as the SEC website went down shortly after the announcement. The doubt was heightened by the previous hacking of the SEC’s official Twitter account.
However, the website quickly came back online, confirming the authenticity of the approval for the spot Bitcoin ETFs.
SIM-card swap attacks remain a persistent concern in the Web3 community. These attacks involve imposters posing as legitimate account owners and contacting telecommunications issuers to switch the victim’s phone service to a number they control. This unauthorized access allows attackers to compromise social accounts associated with the targeted phone number.
Notably, in September 2023, Ethereum co-founder Vitalik Buterin’s X account was breached in a phishing attack. Scammers took control of Buterin’s account and posted a fake NFT giveaway, leading users to click a malicious link and resulting in collective losses of over $691,000.