Microstrategy’s X Account Hacked, Promotes Airdrop Scam

cryptonews.com:

MicroStrategy’s X account was compromised on Monday Asia time with followers being directed to a phishing website under the domain name “Microstralegy” promoting an airdrop of “MSTR token.”

The posts have been deleted. A spokesperson from Microstrategy was unavailable to comment further on the hack.

It is estimated that around half a million could have been stolen from MicroStrategy’s X account being  compromised.

0xe7645b8672b28a17dd0d650a5bf89539c9aa28da

~$440K stolen from the compromise so far

— ZachXBT (@zachxbt) February 26, 2024

This latest breach mirrors a similar incident that occurred January 9, when the U.S. Securities and Exchange Commission’s (SEC) account was compromised, with scammers posting a seemingly genuine message from Chair Gary Gensler stating that the SEC had approved multiple applications for Bitcoin spot exchange-traded funds (ETFs).

The post was subsequently deleted. According to the investigation carried out by X Reviews, the breach was not due to any attacks affecting its infrastructure but instead was a result of the lack of two-factor authentication (2FA) tied to the SEC’s account.

There was initial uncertainty regarding the legitimacy of the spot Bitcoin ETF approvals as the SEC website went down shortly after the announcement. The doubt was heightened by the previous hacking of the SEC’s official X account. However, the website quickly came back online, confirming the authenticity of the approval for the spot Bitcoin ETFs.

In January, cryptocurrency data aggregator CoinGecko experienced a security breach when their account fell victim to a phishing attack.

During a brief period on January 10, a phishing scam link was posted on their X account, falsely informing users of a CoinGecko token airdrop.