The X account belonging to business intelligence giant MicroStrategy fell victim to a sophisticated hacking incident, leading to fraudulent activities and substantial financial losses exceeding $440,000.
On the morning of February 26, MicroStrategy’s X account, boasting over 196,000 followers, was reportedly compromised by malicious actors. Exploiting the account’s extensive reach, the hackers flooded it with posts containing links purporting to offer an airdrop of an Ethereum-based MSTR token, falsely presented as MicroStrategy’s ‘official’ cryptocurrency.
Once users clicked on these deceptive links, they were redirected to a counterfeit MicroStrategy webpage. On this fraudulent site, users were prompted to connect their Web3 wallets to claim the alleged MSTR airdrop. Unfortunately, consenting to these wallet permissions enabled the attackers to drain the tokens from the victim’s wallets automatically.
Independent blockchain investigator ZackXBT and anti-scam platform Scan Sniffer collaborated to assess the impact of the scam. Reports from Scan Sniffer indicated that losses had already surpassed $440,000. Notably, within minutes of the initial malicious link being posted, one unfortunate user incurred a staggering loss of $424,786.
The victim’s transaction history revealed a transfer of funds, including $134,000 worth of Wrapped Balance AI (wBAI), $122,000 worth of Chintai (CHEX), and $45,000 of Wrapped Pocked Network (wPOKT), among other cryptos. These funds were sent to the primary attacker’s wallet and rerouted to a second wallet associated with the notorious hacking group PinkDrainer.
As of now, the company has not issued an official statement addressing the security breach. While an investigation into the incident is anticipated, the recovery of the stolen funds remains uncertain. The involvement of a notorious hacker group, PinkDrainer, adds complexity to the situation.
Experts emphasise the importance of exercising caution when engaging with crypto-related links and airdrops. Despite clear indicators that the airdrop was deceptive, users fell victim to the scam.
There has been a rise in crypto scams lately. Only this month was it reported that a fake exit scam- BRICS crypto token– was used to lure victims.
Another way the scammers target people is by hacking into the accounts of prominent and trustworthy X accounts. Before MicroStrategy, the X account of Mandiant, a cybersecurity company, was hacked and used to promote crypto scams.
In the News: Google Pay discontinued in USA in favour of Google Wallet