Indian crypto exchange, CoinDCX had its Twitter account hacked on Tuesday. The hackers used the compromised account to promote a fake Ripple (XRP) giveaway.
Today we are pumping XRP. To support our community, we are announcing 100,000,000 XRP GIVEAWAY,” the now-deleted tweet read.
The fake promo was then followed by a phishing link. To erase suspicions, the hackers retweeted official posts from Ripple Labs CEO, Brad Garlinghouse. They also replied to tweets with phishing links.
As they strove to regain control of the account, CoinDCX alerted its followers of the problem through its customer support Twitter handle.
We are in the process of further investigating the possible attempt to compromise our twitter (sic) profile…that has led to the inaccessibility of it,” they announced.
They went further to warn their users not to click on any link on the compromised account.
Spotted by Peckshield
Blockchain security company, Peckshield was the first to detect and report the hack through intel from a Twitter user. Peckshield put up a tweet alert immediately.
Seems like Indian crypto exchange CoinDCX’s Twitter account…was compromised & has been used by the exploiter to share links to fraudulent $XRP GIVEAWAY. Thanks @aayushrai11 for the intel,” the tweet read.
They posted the alert with a screenshot of the fake XRP promo on the compromised page.
CoinDCX is India’s first crypto unicorn and has over 230.7K followers on Twitter. Followers who clicked on the link are at risk of losing their assets. However, CoinDCX has announced that they’ve regained control of the account.
📢 Important Update. pic.twitter.com/RTeIZ5EzRK
— CoinDCX: Making Crypto Accessible to Indians (@CoinDCX) September 20, 2022
A Series of Twitter Phishing Hacks
CoinDCX’s attack is one of the several hacks that have occurred in the last couple of months. In fact, CoinDCX is not the only Indian organization that has suffered a hack. In April, India’s University Grant Commission (UGC) was a victim of a Twitter hack used to promote fake Azuki NFT airdrops. Several journalists and celebrities also raised alarms on alternative media that they’d lost control of their account. Similarly, the official Twitter account of the University of the Philippines was hacked to promote a fake airdrop.
Furthermore, in May, Mike Winkelmann (aka Beeple) fell victim to a Twitter breach. The exploiters used the compromised account to promote a phishing scam that stole over $72,000 from victims.
The most notable of all, however, especially in light of recent events, would be the British Army’s account compromise. In July, hackers used the account to promote BTC and NFT scams. However, the British Army regained control after two hours.
The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.
The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022