- Rocket Pool’s X account has been hacked and the malicious actor is directing the account’s followers to a wallet drainer
- The platform is among the top five Dapps on Ethereum with close to $3 billion in TVL
- The crypto community has criticized Rocket Pool for neglecting its social media accounts’ security
Scammers are taking a different route to draining crypto wallets by first hacking into a crypto project’s social media account and then directing its followers to a wallet drainer. A malicious actor has taken this approach by hacking the X (formerly Twitter) account of Rocket Pool, an Ethereum-based liquid staking protocol with close to $3 billion in total value locked. The actor then claimed that the pool had been compromised and that users should migrate funds to a new smart contract, which in essence was a disguised wallet drainer.
Users to “Pay the Price”
The hacker wrote that “bad actors” had exploited a vulnerability in the project’s smart contract and that users needed to “migrate” their assets to “the new contract below.”
🚨Rocket Pool is compromised. The link goes to a drainer.
Do not migrate your assets. If you need to revoke you can revoke using your Webacy Dashboard.https://t.co/aXHZaQQ2Jq pic.twitter.com/5a1fTQv9qK
— Webacy – Safety Never Sleeps (@mywebacy) January 17, 2024
The malicious actor posted several such messages with a link to the “new contract,” forcing Rocket Pool to use other avenues to report the security breach on its X account. Some in the community have criticized the protocol for not taking “5 minutes to secure” themselves, causing its users to pay the price.
— Smacaud (@Smacaud1) January 17, 2024
The hack on Rocket Pool’s X accounts comes a few days after hackers breached the security of the United States Securities and Exchange Commission’s (SEC) account on the social media platform.
Gensler’s Response Becomes NFT
Although SEC’s X account hacker didn’t direct the commission’s followers to a wallet drainer, he spooked the crypto market by prematurely posting that the SEC had approved 11 spot Bitcoin ETFs. The community even inscribed the commission chief’s response to the hack on the Bitcoin blockchain.
With over 10 hours passed since Rocket Pool’s X account was hacked, the protocol is yet to announce on its other social media accounts whether it has regained control of the account or whether its users fell victim to the hacker’s trick.