• A phishing link was posted by the hacker on CertiK’s social media handle on X (twitter).
• A social engineering assault on one of the firm’s workers was the cause of the vulnerability.

CertiK, a firm that audits blockchain security, had a major breach on January 5, 2024. The hacking of the business’s social media account happened in the wee hours of Friday. The hacker used this vulnerability to start a phishing campaign, sending fake messages to CertiK’s followers.

A phishing link was posted by the hacker on CertiK’s social media handle on X (twitter). The message urged users to terminate access after falsely claiming that CertiK had discovered a vulnerability in the Uniswap router. Users clicked on the link without realizing they were linking their wallets to a malicious smart contract that would steal their money.

Social Engineering Assault

The event has caused waves within the crypto community, even though control of the impacted accounts was quickly regained. Customers have high expectations for CertiK’s operational security measures due to the company’s stellar reputation in the blockchain security industry.

CertiK has been under investigation for security issues before. A crypto wallet drainer occurred in December when the company inadvertently put a phony Discord link on its website. Only after the community reported the link for its harmful purpose was it deleted.

A statement outlining the circumstances surrounding the most recent breach was issued by CertiK several hours after the occurrence. A social engineering assault on one of the company’s workers was the root cause of the vulnerability, according to the business.

The Twitter handle of CertiK was hacked when an account that was verified but had its security breached was used to contact the organization. The hacker was able to get CertiK’s login credentials due to this oversight.

Highlighted Crypto News Today:

Spain’s Central Bank Initiates Wholesale CBDC Pilot Initiative