The x account of the virtual reality-focused Decentraland project was compromised earlier today to promote phishing links.
According to PeckSheild’s alert, on September 19, cryptocurrency scammers took over Decentraland’s x account to promote a fake aiddrop for its native MANA token, which ultimately turned out to be a phishing campaign targeting the project’s 607,000+ supporters.
Ironically, the scammers also disabled comments on their posts, claiming it was to prevent “malicious links.”
The now-deleted posts first appeared at around 01:50 am UTC and promoted a malicious Decentraland-branded website. Users redirected to the launch-decentraland(.org) website were asked to claim the airdrop by connecting their wallets.
Typically, in such a scenario, users are asked to sign a malicious blockchain transaction that transfers control of the wallet to the malicious actor, allowing them to drain any crypto funds or other assets present.
After the initial posts were deleted, two more similar posts were made, this time promoting a different website: token-decentraland(.)org, and as of this writing, these posts remain.
It’s unclear how many users have been affected by this campaign so far, but PeckShield has urged users to avoid interacting with Decentraland account x. Based on the latest activity, it appears the VR platform has yet to regain control of the account.
crypto space is the new hunting ground for phishing scammers
Several major crypto projects have been targeted by scammers lately, with phishing scams resulting in losses of at least $63 million in August alone. For example, Polygon’s Discord channel was compromised last month and phishing links were posted, reminiscent of a similar attack on liquid rewriting platform Renzo earlier in the year.
Meanwhile, individual traders were not spared either: one large DAI investor lost $55 million in a matter of seconds, while one nft trader lost over $145,000 worth of Bored Ape Yacht Club collectibles just months earlier.
The common denominator in all of these attacks has been that victims sign malicious transactions. Cybersecurity experts call this “approval phishing” and it has led to losses of more than $2.7 billion since 2021, according to Chainalysis.
These scams are mostly prevalent on social media platforms like x and Telegram, and research by SlowMist indicates that over 80% of all comments on official crypto project posts contained phishing links.
As scams become more sophisticated, the need to be vigilant has never been greater. Cryptocurrency enthusiasts should stay informed and be careful when interacting online.
In response to these growing threats, cryptocurrency wallets like MetaMask have stepped up their efforts by integrating new security features aimed at protecting users from falling victim to such attacks.
