The X account of virtual reality-focused project Decentraland was hacked earlier today to promote phishing links.
According to a PeckSheild alert, crypto scammers took over the Decentraland X account on September 19 to promote a fake airdrop of its native token MANA, which eventually turned into a phishing campaign targeting the project’s more than 607,000 followers.
Oddly enough, the scammers also disabled comments on their posts, claiming it was to prevent “malicious links.”
The now-deleted posts first appeared around 01:50 AM UTC and promoted a malicious website branded as Decentraland. Users who were redirected to the launch-decentraland(.org) site were asked to claim the airdrop by linking their wallets.
Typically in such a scenario, users are asked to sign a malicious blockchain transaction which transfers control of the wallet to the bad actor allowing them to drain any cryptocurrencies or other assets present.
After the initial posts were deleted, two more similar posts were created, this time promoting a different website: token-decentraland(.)org, and as of this writing, these posts are still up.
It’s unclear how many users have been affected by this campaign so far, but PeckShield has urged users to avoid interacting with the Decentraland X account. Based on recent activity, it appears the VR platform has yet to regain control of the account.
The crypto space is the new hunting ground for phishing scammers
Several prominent crypto projects have been targeted by scammers recently, with phishing scams resulting in losses of at least $63 million in August alone. For example, Polygon’s Discord channel was hacked last month and phishing links were posted, mirroring a similar attack on restock platform Liquid Renzo earlier this year.
Meanwhile, individual traders haven’t been spared either, with one major DAI investor losing $55 million in seconds, while an NFT trader lost over $145,000 on Bored Ape Yacht Club collectibles just months ago.
What all of these attacks had in common was that victims signed malicious transactions. Cybersecurity experts call this “consent phishing,” and it has resulted in losses of over $2.7 billion since 2021, according to Chainalysis.
These scams are mainly prevalent on social media platforms like X and Telegram, where research from SlowMist indicates that over 80% of all comments under posts from official crypto projects contain phishing links.
As scams become more sophisticated, the need to be vigilant is greater than ever. Cryptocurrency enthusiasts should stay informed and exercise caution when interacting online.
In response to these growing threats, cryptocurrency wallets like MetaMask have integrated new security features aimed at protecting users from falling victim to such attacks.