Mandiant’s X Account Hacked to Push Crypto Scams


Hackers' use of crypto scams can be attributed to two inherent characteristics of cryptocurrencies that enable the concealment of illicit activities.

Cryptocurrencies’ decentralized nature and the anonymity they afford create a challenging landscape for authorities to track and identify cyber criminals.

As a result, hackers leverage these characteristics to execute scams that are difficult to trace, thereby covering their tracks and evading legal consequences.

The potential for quick financial gains and the lack of regulatory oversight make the crypto space a lucrative target for fraudulent schemes, attracting threat actors.

The X (formerly known as Twitter) account of Mandiant, an American cybersecurity firm and a subsidiary of Google, was recently hacked to push crypto scams.

Mandiant’s X Account Hacked

Mandiant, which was acquired by Google in 2022 for $5.4 billion, specializes in unveiling the tactics of nation-state-backed threat actors, work that gives a sharp boost to cybersecurity.

Mandiant’s account was under a hacker’s control for hours and was used to push a crypto-stealing link. The Google-owned security firm has since regained control of its account, but details of the breach remain unclear.

Hacked profile

The hacked Mandiant account posed as “Phantom,” urging users to visit a malicious site. X employees promptly removed the scam posts, which kept reappearing.

Scam posts (Source – ARSTechnica)

Below are the changes and activities carried out after Mandiant’s X account was hacked:

  • The hacker switched the @mandiant handle
  • Promoted a bogus Phantom site for free tokens
  • Posted a cryptic message
  • Urged a password change
  • The Mandiant profile displayed the message “This account doesn’t exist”

Apart from this, questions persist about Mandiant’s X account security and whether a strong password and two-factor authentication were used. 

Last month, a claim surfaced regarding a “reflected XSS” vulnerability on the social media site. The discoverer reported it, but it didn’t qualify for X’s bug bounty program.

However, according to Chaofan Shou, a Ph.D. candidate at the University of California at Berkeley, a crafted link could enable attackers to take over accounts.
