CoinGecko’s X accounts have been compromised in a phishing attack.
Cryptocurrency data aggregator CoinGecko's X account and terminal were briefly affected on January 10.
According to the CoinGecko developers, “we are taking immediate steps to investigate the situation and protect our accounts”, warning that users should not “click on any links or create suspicious content”.
For a brief period on January 10th, a link to a phishing scam was posted on the company's X account, notifying users of a CoinGecko token airdrop. The post has been deleted.
Our Twitter accounts @CoinGecko and @GeckoTerminal have been hacked. We are taking immediate steps to investigate the situation and protect our accounts.
Please do not click any links or post any questionable content. Your safety is our priority.
We'll keep you…
— CoinGecko (@coingecko) January 10, 2024
A day before the US Securities and Exchange Commission X account was hacked, fraudsters posted a message that appeared to appear to be genuine that SEC Chairman Gary Gensler had approved multiple applications for Bitcoin spot exchange-traded funds (ETFs). The post has been deleted. At the time of publication, no Bitcoin spot ETFs have been approved by the SEC.
In a post-mortem of the SEC hack, X said the breach was not due to attacks affecting its infrastructure, but instead to the lack of two-factor authentication (2FA) tied to the SEC account. The incident was caused by an “unidentified individual gaining third-party control over a phone number associated with the @SECGov account,” X Developers wrote.
@SECGov We can confirm that the account was hacked and we have completed an initial investigation. According to our investigation, the compromise was not caused by a breach of X's systems, but by an unidentified individual gaining control of the phone number…
— Safety (@Safety) January 10, 2024
SIM swapping is an ongoing issue in the Web3 community, where impersonators pretend to be the real owner of the account and contact telecommunications providers to switch the victim's phone service to a number they control, gaining access to the victim's social account. to the phone number. Last September, Ethereum founder Vitalik Buterin X's account was also compromised in a phishing attack.
Related: What is two-factor authentication (2FA) and how to use it in crypto
