CertiK, a blockchain security firm, was hit by a phishing scam on January 5 when an imposter posing as a Forbes journalist gained temporary control of its X (formerly Twitter) account. The scammer used this access to disseminate a malicious Web3 application through CertiK’s account. CertiK reported in a post that the breach occurred after an employee was deceived by a verified account linked to a reputable media outlet, which led to the phishing and the posting of compromised content; that content has since been deleted.
Blockchain security platform Cyvers reported seeing the fraudulent messages before their removal. The messages falsely claimed that Uniswap’s routers were compromised and urged users to visit a bogus version of Revoke.cash. This fake site was designed to defraud users of their cryptocurrencies.
CertiK responded swiftly, detecting the malicious post within seven minutes and initiating efforts to revoke the hacker's access. Within 14 minutes, they successfully removed the initial malicious post, and after 37 minutes, the team concluded their investigation, eliminating the threat.
CertiK revealed that this incident is part of a larger, ongoing phishing attack. The scheme mirrors an earlier attack described in a December 21 post by X user NFT_Dreww.eth. In these attacks, scammers impersonated Forbes journalists and tricked victims into linking their X accounts to a counterfeit Calendly website with a misleading URL. By making that connection, victims unknowingly granted the attackers permission to post on X using their accounts.
Following CertiK's disclosure, on-chain investigator ZachXBT shared a screenshot of a message used in the phishing attempt, allegedly sent by someone impersonating the late Mark Beech, a former Forbes and Bloomberg contributor. ZachXBT queried whether CertiK would compensate those who might have fallen prey to the scam due to the malicious posts sent from CertiK's account. In response, CertiK urged anyone impacted by the incident to reach out to them. This phishing incident at CertiK is part of a wider series of attacks in the crypto space, with similar breaches occurring at Compound Finance and Polychain Capital in recent weeks.