Compound Financial X Account Hacked, Phishing Site Promotes To Steal Crypto
The X (formerly Twitter) decentralized finance (DeFi) protocol hybrid finance account has been hacked and is now promoting a fake phishing site, according to security-related X accounts fraud sniffer and officer notes.
At 4:57 PM UTC, the account posted an ad titled “Free $COMP Tokens,” urging readers to click on the provided link. The link leads to a website that looks similar to the protocol's official website but is known as a scam site.
Cybersecurity blogger Officer Notes posted an alert on their account at 5:14 pm UTC, urging readers not to click on any links in the post.
FYI @compoundfinance twitter is hacked and posting a scam link!
Check out: @RevokeCash / @web3_antivirus / @wallet_guard / @blockfence_io / @realScamSniffer
— Officer Notes (@officer_cia) December 29, 2023
Blockchain Security Platform Scam Sniffer Switched Users, Which “Phishing Link (Compound-Labs)[.]xyz) Viewed 16 hours ago” from the official X account.
Alert: @compoundfinance Twitter account has been hacked. Do not click on any links posted from their account.
Phishing link (composite-labs[.]xyz) Viewed 16 hours ago.
Stay alert and ensure the security of your property by avoiding suspicious links. pic.twitter.com/yoa1RM4P4E
– Fraud Fraudster | Web3 Anti-Scam (@realScamSniffer) December 29, 2023
The website, advertised as a Scam Sniffer post, claims to be a “Pink Drainer Scam website,” indicating that it is a phishing site that uses Pink Drainer software to steal users' crypto. The post also states that blockchain investigator ZachXBT found funds stolen from the site and stolen from the eXch exchange.
On Telegram, ZachXBT reported that “it looks like someone got scammed out of ~275,700 LINK ($4.4M) 2.5 hours ago” and said these funds were siphoned through eXch. If this attack is related to the Compound X hack, it means at least $4.4 million has already been lost. However, ZachXBT did not make it clear that this attack was related to the compound hack.
The post links to two Ethereum transactions. The first shows the transfer of over 206,000 LINK (LINK) tokens ($3.2 million at current prices) from a Rose Drainer wallet to a known phishing scammer's address. The second shows a transfer of approximately 69,000 LINK ($1 million) to Rose Drainer's wallet address from an account ending in 8dd4cf.
The post also linked to a scam sniffer alert related to the incident. According to the alert, accounts ending in 8dd4cf are victims of the attack. Blockchain data shows that the victim has signed an authorization transaction that allows the attacker to withdraw a large amount of LINK.
This is a developing story, and more information will be added as it becomes available.