The account was briefly compromised on Jan. 10 and developers have since restored control.
Cryptocurrency data aggregator CoinGecko’s X account and terminal were briefly compromised on Jan. 10.
As told by CoinGecko developers, “We’re taking immediate steps to investigate the situation and secure our accounts,” warning that users should not “click on any links or engage with suspicious content.”
For a brief period on Jan. 10, a phishing scam link informing users of a CoinGecko token airdrop was posted to the firm’s X account. The post has since been deleted.
Please DO NOT click on any links or engage with suspicious content. Your security is our top priority.
We’ll keep you…
— CoinGecko (@coingecko) January 10, 2024
The day prior, the U.S. Securities and Exchange Commission’s X account was compromised, with scammers posting a seemingly genuine message that SEC Chair Gary Gensler approved multiple applications of Bitcoin spot exchange-traded funds (ETFs). The post has since been deleted. No Bitcoin spot ETFs have been approved by the SEC at the time of publication.
In a post-mortem update of the SEC hack, X said that the breach was not due to any attacks affecting its infrastructure but instead the lack of two-factor authentication (2FA) tied to the SEC’s account. The incident was due to “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” X developers wrote.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
SIM-swap attacks are an ongoing issue within the Web3 community. They occur when impostors, posing as the genuine owner of the account, contact a telecommunications provider to move the victim’s phone number to a SIM card they control, thereby gaining access to the victim’s social accounts bound to the phone number. Last September, Ethereum co-founder Vitalik Buterin’s X account was also breached in a phishing attack.