Hackers hack CertiK auditors’ X account and publish malicious link with fake about the Uniswap hack

In December, the company’s website was also hacked

05.01.2024 - 11:54

124

2 min

What’s new? Unknown people hacked into the X (formerly Twitter) account of CertiK, an auditing blockchain company, and posted fake news about the discovery of a vulnerability in the Uniswap decentralized exchange (DEX) contract. The attackers, on behalf of CertiK, urged subscribers to revoke all permissions to use the contract using the Revoke Cash tool by attaching a fake malicious link to the post.

Source: Twitter.com

What else is known? When interacting with the phishing site, users risk losing all funds from their wallets. So far, the exact amount of damage from the CertiK hack is unknown.

The company has already deleted the attackers’ posts from the official @CertiK account and from its second account, @CertiKAlert (designed for crypto hacking alerts) reported the start of an investigation into the incident. Auditors urged not to interact with the links in the accounts until further notice.

Source: Twitter.com

In mid-December, CertiK’s website was also hacked: the hacker replaced the Discord feed widget with software to steal assets from wallets. Back then, users said that the company should cease operations after such a security incident.

CertiK serves many crypto projects, including TokenFi from the creators of the FLOKI meme token.

In October, unknown people also launched a fake about hacking Uniswap to steal funds. For this purpose, they created fake websites of Blockworks and blockchain explorer Etherscan.

Author: