- Certik’s Twitter (X) page has reportedly been hacked.
- The attacker shared a phishing link to a fake Revoke website.
- The post with the phishing link has since been deleted.
According to multiple reports, blockchain security and smart contract audit firm Certik fell victim to a cyber attack on its official Twitter (X) page on January 5.
The development comes hardly a day after the company released its 2023 Hack3D security report, which highlighted a 50% decline in crypto losses, a decline that was termed “a significant milestone in blockchain security.”
Certik’s Twitter Account Hacked
Among the first people to break the news of the Certik attack was Chinese reporter Wu Blockchain, who noted that the attacker had compromised the firm’s X account and shared a phishing link to defraud users of their wallet funds.
Per Wu’s report, “not long ago” the Discord on Certik’s official website was also replaced and turned into a fake Discord with phishing links. Wu made the report in response to a dubious message posted on Certik’s Twitter page, presumably by the hacker, which has since been deleted.
The message read:
“WARNING: Our team has found the Uniswap Router contract to be vulnerable to a re-entrancy exploit, allowing attackers to move anyone’s tokens if approved to the Uniswap contract. Use @RevokeCash in order to revoke any vulnerable approvals.”
In response to the development, the Revoke Cash team issued an update confirming that Certik’s Twitter account might have been compromised and was “sharing a link to a fake Revoke website.” The team reiterated that Uniswap was not compromised.
Web3 security tool Wallet Guard warned users to avoid the link on Certik’s page, noting that it led to a wallet drainer.