Decentraland users have fallen victim to a phishing scam following the compromise of their official X account. Hackers were spreading fake links posing as a MANA airdrop while other prominent accounts were also hacked, and the Ethena website faced front-end attacks.
Phishing Scam on Decentraland Account
Blockchain security firm PeckShield recently reported that Decentraland's official X account was compromised, and attackers circulated a phishing link disguised as a MANA token airdrop. The malicious link directed users to a fraudulent website, urging them to connect their wallets to claim the tokens, only to have their funds stolen afterward. PeckShield advised users to avoid interacting with the compromised account and not to click on the phishing link, and to wait for an official update from Decentraland confirming the account's restoration. The scam surfaced on September 19 at 01:50 AM UTC, when a post announcing the fake MANA airdrop was pinned to the Decentraland X account. The attackers made the scam seem more legitimate by claiming that comments were turned off due to malicious links. Before the takeover, Decentraland's last legitimate post was published on September 18 at 10:00 PM UTC and was about some community fashion trends on the platform.
Hackers Breach High-Profile Accounts
On September 18, a group of crypto scammers hacked several high-profile social media accounts, including Lenovo India, Yahoo News UK, MoneyControl, Oliver Stone, People, and Krystal DeFi, to promote a Solana meme coin called HACKED. Unlike typical account hacks, the scammers openly admitted to the breach and encouraged users to participate in pumping the token for profits. Despite their brazen strategy, the attempt was unsuccessful as the scammers reportedly made only $8,000. According to blockchain investigator ZachXBT, top traders made less than $1,000, and HACKED's market cap reached just $67,000 before plummeting. ZachXBT speculated that the hacked accounts might have granted permissions to the same site or app, and urged users to revoke unnecessary app permissions for security. Over the past year, accounts of well-known crypto entities like MicroStrategy, Algorand, Rocket Pool, Compound Finance, Ava Labs, and even Ethereum co-founder Vitalik Buterin, have all been compromised.
Ethena Website Compromised
On September 18, the Ethena website was also compromised in a front-end exploit. This prompted Ethena Labs to advise users not to interact with any site or app claiming to be Ethena. The company revealed that its domain registrar account was compromised, which led to the deactivation of the website until the issue is resolved. Ethena Labs reassured users that the protocol itself remained secure and that customer funds were not affected. Security firm Blockaid also issued a warning to users connected to the site at the time of the exploit, advising them to disconnect their wallets and avoid signing any transactions. Additionally, MetaMask alerted users to fake sites attempting to steal seed phrases and passwords, and flagged the Ethena website as deceptive.
These incidents are part of a larger surge in hacks and phishing attacks targeting crypto platforms and their users in 2024. Users are advised to exercise extreme caution and vigilance when interacting with online services and social media accounts to protect their assets and data.
Comments