A network of bot accounts posing as crypto-security figures such as ZachXBT and PeckShield Alert on X (formerly known as Twitter) has orchestrated a series of incidents resulting in over 75 ETH, or about $300k, in losses.
As reported by ZachXBT, the strategy adopted by these bots involves creating counterfeit accounts with subtle variations in usernames.
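A defensive check for the username trick described above, as an added example that is not from ZachXBT or the original article: it folds common look-alike characters and measures edit distance against a list of trusted handles. The trusted list, the character map, the distance threshold and the sample handles are assumptions constructed for illustration.

```python
# Added example: flag handles that closely imitate a trusted account.
# TRUSTED, CONFUSABLES and max_dist are illustrative assumptions, not a vetted list.
TRUSTED = ["zachxbt", "PeckShieldAlert"]

# Characters often swapped for look-alikes; underscores are dropped as padding.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "I": "l", "_": ""})


def skeleton(handle):
    """Fold a handle for comparison: strip '@', map look-alikes, then lowercase."""
    return handle.lstrip("@").translate(CONFUSABLES).lower()


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap such as "hc" for "ch" counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def check_handle(handle, trusted=TRUSTED, max_dist=2):
    """Return (verdict, matched trusted handle or None)."""
    bare = handle.lstrip("@").lower()
    for t in trusted:
        if bare == t.lower():  # X handles are case-insensitive
            return ("trusted", t)
    folded = skeleton(handle)
    for t in trusted:
        if edit_distance(folded, skeleton(t)) <= max_dist:
            return ("lookalike", t)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample handles, not taken from the reported campaign.
    for h in ["@zachxbt", "@zachxbt_", "@zahcxbt", "@PeckShieIdAlert", "@uniswap"]:
        print(h, check_handle(h))
```

A short threshold such as 2 will also match unrelated handles that happen to be close to a short trusted name, so a hit is a prompt for manual review of the account rather than a verdict.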
Phishing Identities
The scam itself revolves around impersonators crafting posts detailing fictitious Uniswap or OpenSea exploits.
Bots then inundate specific hashtags, pushing these deceptive posts to gain traction.
SEE: Bots phishing and posing as legitimate crypto security platforms/influencers. Credit ZachXBT
The operation relies on tricking users into clicking these phishing links and then signing messages that, unknown to them, deplete their assets.
The two wallets used for the theft then transferred the total sum, amounting to almost 76 ETH, to a main address.
This method of combining impersonation and phishing remains a persistent threat in the crypto space.
Impersonation
A similar incident occurred in September when Ethereum founder Vitalik Buterin's X account was targeted in a SIM swap attack.
Hackers gained access and impersonated Buterin to post a malicious link, pilfering at least $691,000 from unsuspecting users.