Virtual reality-focused project Decentraland’s X account was compromised earlier today to promote phishing links.
According to PeckSheild alert, on Sept. 19 crypto scammers took over Decentraland’s X account to promote a fake aidrop for its native token MANA, which eventually turned out to be a phishing campaign targeting the project’s over 607,000 followers.
Ironically, the scammers also disabled comments on their posts, claiming it was to prevent ‘malicious links.
The now-deleted posts first surfaced around 01:50 am UTC and promoted a malicious website bearing Decentraland’s branding. Users redirected to the launch-decentraland[.org] website were asked to claim the airdrop by connecting their wallets.
Typically in such a scenario, users are prompted to sign a malicious blockchain transaction which transfers the wallet’s control to the bad actor allowing them to drain any crypto funds or other assets present.
After the initial posts were deleted, two more similar posts were made, this time promoting a different website: token-decentraland[.]org, and as of the time of writing, these posts remain.
It’s unclear how many users have been affected by this campaign so far, but PeckShield has urged users to avoid interacting with Decentraland’s X account. Based on the latest activity, it appears the VR platform has yet to regain control of the account.
Crypto space is the new hunting ground for phishing scammers
Several prominent crypto projects have been targeted by scammers of late as phishing scams have led to at least $63 million in losses in August alone. For instance, Polygon’s discord channel was compromised last month and phishing links were posted, echoing a similar attack on the liquid restaking platform Renzo, earlier in the year.
Meanwhile, individual traders haven’t been spared either, with one large DAI investor losing $55 million in a matter of seconds. While an NFT trader lost over $145,000 in Bored Ape Yacht Club collectibles just months before.
The common denominator in all these attacks has been the victims signing malicious transactions. Cybersecurity experts call this ‘approval phishing’ and it has led to over $2.7 billion in losses since 2021 according to Chainalysis.
These scams are mostly prevalent on social media platforms like X and Telegram, with research from SlowMist indicating that over 80% of all comments under posts from official crypto projects contained phishing links.
As scams become more sophisticated, the need for vigilance has never been greater. Crypto enthusiasts must stay informed and exercise caution when interacting online.
In response to these growing threats, cryptocurrency wallets like MetaMask have stepped up by integrating new security features aimed at protecting users from falling victim to such attacks.