KuCoin’s Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6,000 in cryptocurrency.

The cryptocurrency exchange and trading platform has promised to fully reimburse victims for all verified losses caused by the hacking of its official Twitter account. Moreover, it ensures that all user assets on the platform remain completely secure.

Tweet by KuCoin

While the account was hacked for just 45 minutes, the crypto exchange says it was enough time for its subscribers to send 22 Bitcoin and Ethereum transactionsallowing hackers to steal $22,600.

“As of 2:00 a.m. on April 24 (UTC+2), we have identified 22 transactions, including ETH/BTC associated with the fake activity, with a total value of 22,628 USDT,” KuCoins’ Twitter thread reads. the incident.

“To prevent more users from being harmed, we are currently reviewing and blocking suspicious addresses.”

Like some KuCoin users underline on social media, the scammers set up a convincing campaign similar to the platform’s regular promotional events, so it was easy for them to get tricked.

The malicious giveaway was hosted on “kucoinevent[.]com,” which claimed to drop 5,000 Bitcoin and 10,000 Ethereum to celebrate the exchange’s milestone of reaching 10 million users.

Fake KuCoin promotion on kucoinevent[.]com
Fake KuCoin promotion on kucoinevent[.]com
Source: BleepingComputer

The fake giveaway invited all users to participate by sending any amount and receiving double in return, claiming that all people are eligible to participate, even those without a KuCoin account.

As is usually the case with this type of bogus promotion, the scammers posted fake user reviews confirming the validity of the giveaway and helping convince visitors who might have reservations.

Users affected by this incident are requested to contact the KuCoin support team at “support@kucoin.com” and disregard any advice or recommendations from other channels.

Moreover, as Twitter is notorious for its fake cryptocurrency support botsposting their problems on the site or responding to anyone who offers help is not recommended.

The company promised to implement additional security measures on top of Twitter’s existing two-factor authentication protection to prevent similar incidents from happening in the future.

Additionally, they are working closely with Twitter to determine the attack route and how the hackers managed to hijack a verified account despite having multiple protections in place.

Scammers have discovered that hacking official cryptocurrency exchange Twitter accounts can lead to quick withdrawals, as posts from official handles seem trustworthy and therefore more likely to deceive many people, even in a short time.

In late January 2023, a hacker took over the Twitter account of cryptocurrency exchange Robinhood and promoted a bogus token launch (“RBH”) that people are invited to purchase for $0.0005 each.

In September 2022, a similar incident impacted the Twitter account of cryptocurrency exchange CoinDCX, with the attackers promoting fake XRP ads (Ripple).

A reliable method to confirm if a giveaway is real is to search for similar posts on all the platform’s social media channels and the official website. If you only see it in one place, it’s probably a scam.


Source link