The X (formerly Twitter) account of crypto auditing firm CertiK has reportedly been hacked and used to steal crypto from users’ wallets via disguised phishing links.
CertiK’s compromised account published the link to its 342,900 followers alongside a fake warning claiming that a vulnerability had been discovered in Uniswap’s router contract. The tweet then directed users to a fake RevokeCash page where, it claimed, they would be able to reverse any vulnerable approvals.
The official Revoke team has since confirmed that the message was fake, saying “CertiK’s X account has been compromised and is sharing a link to a fake Revoke website. Uniswap is NOT compromised.”
CertiK’s affiliated security alert account also warned users this morning to avoid interacting with any posts from the main account until it is confirmed to be safe, noting that it is investigating the incident.
The fake tweet attempted to panic users into clicking on the phishing link by describing fictitious attackers redistributing tokens belonging to anyone who had interacted with the Uniswap contract.
In a bitter irony, just two days prior, CertiK had been promoting its 2023 hacking security report, in which it shares statistics and insights on web3 security. According to crypto reporter Wu Blockchain, the official CertiK Discord server was also recently hacked and replaced with a fake Discord promoting phishing links.
The compromised tweet is no longer on the main CertiK account, but it remains to be seen whether control of the account has been recovered from the hackers.
Update January 11, 16:58 UTC: According to CertiK, an employee had interacted with a phishing link that was shared by a hacked account pretending to be the assistant managing editor of Forbes. CertiK claimed there was “no significant loss due to this incident” and that the account was recovered.