A phishing link was posted on the X account of blockchain-focused cybersecurity firm Certik after a bad actor hacked into the company’s social media profile.
In a new announcement, the cybersecurity company says that a “verified account associated with well-known media” was able to hack into the X account of one of its employees, using it to post links to phishing scams.
Certik says that the phishing link was removed just 14 minutes after it went up and that no significant losses arose from the exploit.
“A verified account, associated with a well-known media [outlet], contacted one of our employees.
Unfortunately, it appears that this account was compromised, leading to a phishing attack on our employee. We quickly detected the breach and deleted the related tweets within minutes…
According to our investigation, there is no significant loss due to this incident.”
However, according to blockchain detective ZachXBT, the original direct message that the Certik employee clicked on showed signs that it was dangerous.
“Why did you (Certik) not find the ‘well-known media’ account that contacted you suspiciously since they had not posted since April 2020 (clearly compromised)? Will Certik be reimbursing victims?”
Certik replied by saying that those affected by the exploit should reach out to them.
“While it’s easy to point the finger after a phishing attack, the reality is that these scams are designed to exploit human trust and vulnerabilities. That is why we are dedicated to building strong security systems and empowering users to recognize and avoid these threats.
Combating phishing requires a united front. We encourage those affected during the recent Twitter incident to reach out to us.”