Today, MicroStrategy’s X (formerly Twitter) profile was hacked and used to promote a supposed airdrop of a fraudulent crypto token.
there was a second best after all
— Spreek (@spreekaway) February 26, 2024
(hacked acc if not obvious lol) pic.twitter.com/cdLqbqiiCO
The offending tweet was removed shortly afterwards, probably because the company noticed it quickly and was able to intervene. It was Sunday evening in the USA when the tweet was published, so the response was genuinely prompt.
The fraudulent crypto and the hack of MicroStrategy’s Twitter profile (X)
The scam token was called MSTR, which exactly matches MicroStrategy’s stock ticker.
The tweet published by the hackers described MSTR as an Ethereum token fully integrated into the MicroStrategy ecosystem, but this was obviously a lie.
Another colossal lie in that tweet was that MSTR would be backed by MicroStrategy and its Bitcoin reserves.
A crypto token called MSTR actually exists, but it is the BEP20 token on BSC of the Monsterra project.
It is worth noting that the fraudulent tweet was online for so little time that the price of MSTR barely had time to react. Its market value, in fact, only went from 66 cents to 68 cents, before returning to 66 after the news was published that it had been a hack.
After all, that tweet was clearly fraudulent, also because it wouldn’t make sense for a publicly traded company like MicroStrategy to publicly give away a token collateralized with its own BTC through an airdrop.
Probably the Monsterra token has nothing to do with this scam attempt, also because the choice of the name MSTR is connected to the ticker of the MicroStrategy stock on the stock exchange.
The scam involved convincing users to click on a link posted by the hackers, which purported to lead to the webpage where they could claim the tokens distributed in the fake airdrop.
The link led to a website with the domain microstralegy.com, with an L instead of a T. In fact, the correct domain of the official MicroStrategy website is microstrategy.com.
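A one-character swap like this is easy to miss by eye but simple to catch automatically. The following is an added example, not code from the article or from MicroStrategy: it flags links whose domain is within a small edit distance of a protected brand domain. The function names, the threshold of 2 and the sample links are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Official domain named in the article; extend with your own brand domains.
PROTECTED = {"microstrategy.com"}

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "ra" typed as "ar"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(url):
    """Last two host labels. Simplification: no Public Suffix List lookup."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def check_link(url, max_distance=2):
    """Classify a link as official, a lookalike of a brand, or unrelated."""
    domain = registrable(url)
    if domain in PROTECTED:
        return ("official", domain)
    for brand in sorted(PROTECTED):
        if edit_distance(domain, brand) <= max_distance:
            return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample links; only the two domains come from the article.
    for link in ("https://www.microstrategy.com/", "microstralegy.com/claim",
                 "https://example.org/airdrop"):
        print(link, "->", check_link(link))
```

A check of this kind fits in a mail gateway, chat bot or wallet browser extension, where it can warn before the user reaches the page.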
The real MSTR token of Monsterra made its debut on the crypto markets in August 2022, during a bear market, at 287 thousandths of a dollar, and since then its price has hardly done anything but decrease. Overall, it has a market capitalization of less than $800,000.
The effect of the scam
Despite all this, it still seems that crypto funds totaling over $400,000 have been stolen in this way.
0xe7645b8672b28a17dd0d650a5bf89539c9aa28da
— ZachXBT (@zachxbt) February 26, 2024
~$440K stolen from the compromise so far
Indeed, the public Ethereum address that received the ETH sent in exchange for the promised fake MSTR tokens is known, and several different tokens have been sent to that address.
So although MicroStrategy quickly removed the fraudulent tweet, and although it was obviously a scam, the hackers still managed to collect a sizeable haul thanks to ignorance and naivety.
Unfortunately, in the crypto markets there are many inexperienced or overly naive people who are easily convinced with grand promises to hand over their funds to scammers.
Twitter: MicroStrategy’s reaction to the crypto hack
For now, the company has simply intervened by removing the fraudulent tweet.
Since it is a publicly traded company and the event happened on Sunday evening, we will probably have to wait until Monday morning before they can thoroughly analyze the incident and explain what happened.
During the day, it is hoped that they will publish on the same X profile how it was hacked and how they have decided to protect it.
It is not the first time that something like this has happened, so much so that last month hackers even managed to access the official SEC profile.
Usually these hacks exploit a technique called SIM swapping, which lets the attacker pose as the holder of the user’s phone number in order to receive an SMS for password recovery or access to the profile. In these cases it would be better to activate two-factor authentication, in order to reduce the risk that a single SMS is enough to break into the profile.
Crypto scams
Crypto scams are numerous, and essentially they always rely on using lies to convince naive people to voluntarily send their funds to scammers, as in this case.
Unfortunately, when such lies are published on websites or official social profiles, it becomes much more difficult to recognize them.
The most emblematic case in this sense is precisely that of January, when hackers published false news on the official SEC X profile about the approval of Bitcoin spot ETFs, just the day before the real approval arrived.
In that case, the only way to recognize the lie was the linguistic style used in the tweet, which evidently did not fit at all with the institutional one of the SEC.
Instead, in the case of MicroStrategy it was much simpler, because it is impossible to imagine that the company had decided to give away tokens collateralized with their Bitcoin.