- Hackers have breached the security of Microstrategy’s X account and are promoting a fake token airdrop
- The malicious actors are using the airdrop to steal funds from connected wallets
- Unsuspecting Microstrategy X account followers have lost over $400,000
Malicious actors have taken hold of Microstrategy’s X account in their quest to steal assets from web3 users. The hackers breached the business intelligence firm’s X account yesterday February 25 and started promoting a fake Ethereum token airdrop. Unsuspecting followers who interacted with the links provided saw their crypto wallets drained with one such victim losing about $420,000, an indication that scammers are preying on the trust of Microstrategy’s X account followers.
A Phony Microstrategy Website
According to on-chain investigator Scam Sniffer, the individual who lost over $420,000 clicked a link “from the compromised Microstrategy X account.” Another blockchain sleuth, ZachXBT, estimated that the malicious actors have cumulatively stolen approximately $440,000 “so far.”
there was a second best after all
(hacked acc if not obvious lol) pic.twitter.com/cdLqbqiiCO
— Spreek (@spreekaway) February 26, 2024
Entities that investigated the trail of events reported that the malicious links directed followers to a phony Microstrategy website. The website asked visitors to connect their wallets to be able to claim the free tokens, after which their funds were drained.
Microstrategy seems to have taken back control of the account since the scammers’ posts were missing at the time of writing. The firm is, however, yet to provide a statement about the incident.
The hack comes barely two weeks after researchers unearthed the bit-flip attack used by scammers to drain crypto wallets. The new tactic enables malicious actors to change a transaction’s details after signing.
SEC Blames a SIM Swap Attack
Microstrategy isn’t the first crypto-affiliated firm whose X account has been compromised. Ethereum-based staking platform Rocket Pool, for example, recently suffered the same attack with hackers directing followers to a wallet drainer.
Others that have suffered the same sting include the United States Securities watchdog SEC which blamed the incident on a SIM swap attack.
With Microstrategy yet to address the incident, it remains unclear whether the hack was preceded by a SIM swap attack.
