Hackers have breached the X accounts of the liquid staking platform Rocket Pool, blockchain project VeChain, and the CEO of the analytics firm Arkham to promote scams.
On VeChain’s page, the hacker posted a series of offers for a VET token giveaway. According to the announcement, users sending between 100,000 and 5 million coins to a specified address would receive double the amount in return.
“VeChain does not conduct any giveaways! The account is compromised! Do not send any assets to this address or sign any contracts they share!” warned an active community member known as Maik.
The Arkham team reported that on January 17, the account of the company’s CEO, Miguel Morel, was “briefly” compromised through SIM swapping. The hacker managed to post a fraudulent message, which garnered approximately a thousand views before control of the account was restored.
Yesterday our CEO @RealMiguelMorel‘s Twitter account was briefly compromised via SIM swap. A scam post was created by the hacker but was soon after taken down by Twitter. The post only received ~1K views. The SIM swap has been reversed and the hacker no longer has access.
— Arkham (@ArkhamIntel) January 18, 2024
Also on January 17, attention was drawn to the breach of the Rocket Pool platform’s account. The hacker posted a message claiming a critical vulnerability had been found in the protocol’s smart contracts. In the name of security, the scammer urged users to immediately transfer funds to an updated version.
?Rocket Pool is compromised. The link goes to a drainer.
Do not migrate your assets. If you need to revoke you can revoke using your Webacy Dashboard.https://t.co/aXHZaQQ2Jq pic.twitter.com/5a1fTQv9qK
— Webacy — Safety Never Sleeps (@mywebacy) January 17, 2024
“Rocket Pool is compromised. The link leads to a drainer. Do not move your assets. If you want to revoke approval, use the Webacy dashboard,” wrote the app developers.
By the time of writing, other suspicious posts had appeared on the platform’s page. No comments have yet been made by the project team.
Earlier in January, hackers breached the X account of the U.S. Securities and Exchange Commission to publish a fake message about the approval of a spot Bitcoin ETF.
Subsequently, the perpetrators compromised CoinGecko’s pages on the social platform, where they announced a fake GCKO token giveaway from the analytics service.