Business intelligence giant MicroStrategy has fallen victim to a security breach on its X account, resulting in a phishing scam involving a fake Ethereum-based MSTR token. The attackers posted malicious links on the compromised account, enticing users to participate in an unauthorized airdrop.
https://twitter.com/spreekaway/status/1761914062609248287
Malicious Links and Fake Airdrop:
The compromised MicroStrategy X account posted links leading to a fraudulent airdrop of the purported "official" Ethereum-based MSTR token. Users who clicked on these links were redirected to a replica MicroStrategy webpage, which instructed them to connect their wallet to claim the fake $MSTR airdrop. Once users accepted the permissions in their Web3 wallet, attackers could drain the tokens from their wallets automatically.
Financial Losses and Swift Scam Execution:
https://twitter.com/realScamSniffer/status/1761916915239530831
Independent blockchain investigator ZachXBT and anti-scam platform Scam Sniffer revealed that losses from the scam had already exceeded $440,000. One user lost over $420,000 to the phishing scam at approximately 12:43 am UTC, mere minutes after the initial malicious link surfaced on MicroStrategy's X account. The victim's losses included $134,000 worth of wBAI, $122,000 worth of CHEX, and $45,000 worth of wPOKT, with funds directed to the attacker's wallet and to another wallet associated with the hacking group PinkDrainer.
Obvious Nature of the Scam:
Crypto industry observers were quick to point out how obvious the scam was. British crypto investor Cobie noted the irony of MicroStrategy, a company primarily focused on Bitcoin, purportedly launching a token on the Ethereum network. Straightforward as the scam was, it highlights the ongoing challenges in ensuring user awareness and security within the crypto space. As security measures are reinforced, the incident serves as a reminder for users to exercise caution and verify authenticity when interacting with crypto-related activities online.