MicroStrategy’s Official X Hacked: Over $440K In Crypto Stolen

Feb. 26, 2024

MicroStrategy, the world’s largest corporate holder of Bitcoin (BTC), fell victim to a sophisticated phishing attack, leading to losses exceeding $440,000. The breach occurred through MicroStrategy’s X account, where hackers posted malicious links promoting a fake airdrop of an alleged “official” Ethereum-based MSTR token. MicroStrategy promptly removed the misleading post, but a crypto personality, Spreek, saved a copy.

Fake MicroStrategy Webpage Prompts Users to Link Web3 Wallets

The post on the company’s account enticed users to click the deceptive links, which redirected them to a copycat MicroStrategy webpage. Once there, users were asked to link their Web3 wallets to receive the fake MSTR airdrop. Victims then accepted a series of permission requests on the counterfeit page, which allowed the attackers to steal tokens from their wallets automatically.

According to ZachXBT, a blockchain investigator, and Scam Sniffer, an anti-scam platform, the losses from the scam have exceeded $440,000. 

Scam Sniffer said a single user lost $424,786 to the phishing scam at approximately 12:43 am UTC, just a few minutes after the first malicious link was shared on MicroStrategy’s X account.

The unknown victim sent $134,000 worth of Wrapped Balance AI (wBAI), $45,000 worth of Wrapped Pocket Network (wPOKT), and $122,000 worth of Chintai (CHEX) to the attacker’s wallet address. The MicroStrategy attacker received one transfer, while a second wallet associated with the hacking group PinkDrainer rerouted the other two. At the time of publication, DeBank’s data indicates that the MicroStrategy attacker’s wallet contains tokens valued at $329,000.

Twitter (X) Account Hacks Are Getting Common

Hackers often use the accounts of prominent individuals or organizations in and outside the crypto industry to trick users into believing their fake promotions and airdrops are genuine.

In September 2023, attackers compromised the account of Ethereum co-founder Vitalik Buterin. They used it to promote a phishing site that successfully drained over $800,000 from victims. Buterin later disclosed that the hack occurred through a SIM swap.

Moreover, hackers took over the US Securities and Exchange Commission’s (SEC) account last month. They posted a tweet falsely claiming the approval of spot Bitcoin ETFs, leading to a short-term increase in BTC’s price. Investigations revealed that the lack of two-factor authentication (2FA) and a SIM swap attack caused the breach.

Users should be careful before clicking on links shared on social media. Some links, especially those asking users to connect their wallets, can be harmful and lead to the wallet being drained.

Syed Ali Haider

Researcher & Editor
Ali Haider is a Blockchain enthusiast and writer passionate about enhancing the acceptance, adoption, and integration of Blockchain technology worldwide. He has also advocated for digital freedom and cybersecurity for many years.
