The X account of Michael Saylor’s Bitcoin development firm MicroStrategy was recently breached, with the hackers broadcasting a series of phishing links to a fake airdrop for a so-called Ethereum-based “MSTR” token. According to independent on-chain sleuth ZachXBT, losses incurred from the hack have already totaled over $440,000.
Fake ‘MSTR’ Airdrop Costs Users $440K
MicroStrategy, the world’s largest Bitcoin (BTC) corporate holder, has found itself at the center of a cybersecurity incident. The company’s official X account was compromised on Monday to promote a fraudulent airdrop.
The bad actors published an unauthorized post announcing the airdrop of “MSTR” token and a link for claiming the fake token on a copycat MicroStrategy webpage. The attackers claimed MSTR was Ethereum-based, had low transaction fees, and was backed by MicroStrategy’s Bitcoin reserves. Once unsuspecting users accept a couple of permissions in their Web3 wallet, it is believed that the hackers can automatically drain the tokens from their wallets.
there was a second best after all
— Spreek (@spreekaway) February 26, 2024
(hacked acc if not obvious lol) pic.twitter.com/cdLqbqiiCO
Reports show the phishing attempt has already led to $440,000 being lost, based on analysis by blockchain sleuth ZachXBT. Web3 anti-scam platform Scam Sniffer noted that one victim had lost over $424,000 to the scam only a few minutes after the first malicious link was posted on MicroStrategy’s X account. The crypto assets lost include $134,000 from Wrapped Balance AI (wBAI), $122,000 from Chintai (CHEX), and $45,000 from Wrapped Pocket Network (wPOKT).
The stolen crypto was swiftly moved to the hacker’s wallet as two more transfers were conducted and re-directed automatically to a second wallet address, which was immediately identified due to its link with the notorious PinkDrainer hacking group.
At press time, neither MicroStrategy nor Michael Saylor had issued a public statement regarding the hack. However, it appears that the phishing X posts have been deleted, with MicroStrategy likely regaining control of its account.
Commenting on the incident, market watchers suggested that the phishing scam was rather obvious. Crypto investor Cobie, for instance, remarked that MicroStrategy, a company solely focused on BTC, is highly unlikely to roll out a token on the Ethereum blockchain:
“Obviously trying not to be victim-blaming here, but you gotta be very special to think MicroStrategy is launching an ETH token after Saylor has spent multiple years very famously saying ‘there is no second best’ and ‘you only use one chair’ etc.”
The attacker’s wallet currently holds a total of $321,916 worth of tokens from Ethereum, Polygon, and others.