Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
CoinGecko Faces Brief Compromise as Phishing Scam Targets X Account, Warns Users Against Suspicious Links
Last updated: January 11, 2024 03:06 EST . 3 min read
Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.
Source: AdobeStock / Sergey NivensCryptocurrency data aggregator CoinGecko experienced a security breach when their account fell victim to a phishing attack.
During a brief period on January 10, a phishing scam link was posted on their X account, falsely informing users of a CoinGecko token airdrop.
The hackers promoted a new cryptocurrency called GCKO in a fraudulent post, claiming it could be used to pay for API services like the cryptocurrency ANKR. The post included a suspicious link to a token airdrop. CoinGecko acted swiftly to remove the post and users to avoid interacting with potentially harmful content.
CoinGecko further responded by posting a warning on X, stating that their Twitter accounts, CoinGecko and GeckoTerminal, had been compromised. The company took immediate steps to investigate the situation, secure their accounts, and advise users not to click on any links or engage with suspicious content.
According to CoinGecko, the breach was attributed to a team member inadvertently clicking on a fraudulent Calendly link. This action granted unauthorized access to a hacker, enabling them to post on behalf of CoinGecko.
Despite having two-factor authentication (2FA) enabled and employing robust security measures, CoinGecko said the inadvertent click on the fraudulent link allowed unauthorized access. The compromised accounts were used to disseminate misleading information and potentially engage in malicious activities.
In their official statement, CoinGecko expressed their sincere apologies for any confusion or inconvenience caused by the incident. They emphasized their commitment to the security of their platforms and the continuous improvement of internal controls. The company reassured users that steps were taken to rectify the situation ly.
Conclusively, CoinGecko urged users not to click on any links or engage with suspicious content during the period of compromise.
U.S. Securities and Exchange Commission (SEC) Twitter Account Hacked in Bitcoin ETF Scam
Moreover, this breach mirrors a similar incident that occurred a day earlier with the U.S. Securities and Exchange Commission’s (SEC) account.
On January 9, the SEC Twitter account was compromised, with scammers posting a seemingly genuine message from Chair Gary Gensler stating that the SEC had approved multiple applications for Bitcoin spot exchange-traded funds (ETFs). The post was subsequently deleted.
According to the investigation carried out by X Reviews, the breach was not due to any attacks affecting its infrastructure but instead was a result of the lack of two-factor authentication (2FA) tied to the SEC’s account.
They further stated that the incident occurred due to “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
However, the SEC has already approved spot Bitcoin ETF applications from ARK 21Shares, Invesco Galaxy, VanEck, WisdomTree, Fidelity, Valkyrie, BlackRock, Grayscale, Bitwise, Hashdex, and Franklin Templeton.
There was initial uncertainty regarding the legitimacy of the spot Bitcoin ETF approvals as the SEC website went down shortly after the announcement. The doubt was heightened by the previous hacking of the SEC’s official Twitter account
However, the website quickly came back online, confirming the authenticity of the approval for the spot Bitcoin ETFs.
SIM-card swap attacks remain a persistent concern in the Web3 community. These attacks involve imposters posing as legitimate account owners and contacting telecommunications issuers to switch the victim’s phone service to a number they control. This unauthorized access allows attackers to compromise social accounts associated with the targeted phone number.
Notably, in September 2023, Ethereum co-founder Vitalik Buterin’s X account was breached in a phishing attack. Scammers took control of Buterin’s account and posted a fake NFT giveaway, leading users to click a malicious link and resulting in collective losses of over $691,000.