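Today, MicroStrategy's profile on X (formerly Twitter) was hacked and used to promote a supposed airdrop of a fraudulent crypto token.
There is a second best after all (hacked, if it's not obvious, lol) pic.twitter.com/cdLqbqiiCO
- Spreek (@spreekaway) February 26, 2024
The offending tweet was deleted quickly, probably because they soon realized what had happened and were able to intervene in time. It was Sunday evening in the United States when the tweet was posted, so the intervention was indeed fast.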
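The scam crypto token and the hack of MicroStrategy's Twitter (X) profile
The scam token was called MSTR, exactly matching MicroStrategy's stock ticker.
The tweet posted by the hackers claimed that MSTR was an Ethereum token fully integrated into the MicroStrategy ecosystem, but this was obviously a lie.
Another huge lie in the tweet was that MSTR would be backed by MicroStrategy and its Bitcoin reserves.
A crypto token called MSTR does actually exist, but it is a BEP20 token on BSC belonging to the Monsterra project.
It is worth noting that the fraudulent tweet was online for so short a time that the price of MSTR barely had time to react. In fact, its market value rose only from 66 cents to 68 cents, and returned to 66 cents after news of the hack came out.
After all, the tweet was clearly fraudulent, also because it makes no sense for a publicly traded company like MicroStrategy to publicly give away, via airdrop, tokens collateralized with its own BTC.
The Monsterra token probably has nothing to do with this scam attempt, also because the choice of the name MSTR is tied to the ticker of MicroStrategy's shares on the stock exchange.
The scam consisted of persuading users to click on a link posted by the hackers, which pretended to be a web page where they could request the tokens distributed through the fake airdrop.
The link pointed to a website with the domain microstralegy.com, with an L instead of a T. In fact, the correct domain of MicroStrategy's official website is microstrategy.com.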
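The one-character swap described above (microstralegy.com for microstrategy.com) is the kind of lookalike a link filter can flag automatically. The following is an added example, not part of the original article: the allow-list, the function names and the distance threshold are assumptions, and comparing the rightmost labels stands in for a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: the defender's own allow-list of official domains.
OFFICIAL_DOMAINS = {"microstrategy.com"}

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def hostname_of(url: str) -> str:
    """Lower-cased host of a URL or bare domain, without port or 'www.'."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit treat a bare domain as the netloc
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").removeprefix("www.")

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a link."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        # Compare only the rightmost labels, so sub.lookalike.com is caught too.
        n = official.count(".") + 1
        candidate = ".".join(host.split(".")[-n:])
        if edit_distance(candidate, official) <= max_distance:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Sample links; the first domain is the one named in the article.
    for link in ("microstralegy.com", "https://www.microstrategy.com/", "example.org"):
        print(link, "->", classify(link))
```

A "lookalike" verdict is a signal for blocking or manual review, since a small edit distance can also match an unrelated legitimate domain.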
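Monsterra's real MSTR token debuted on the crypto markets in August 2022, during the bear market, at a price of 287 thousandths of a dollar, and since then its price has done almost nothing but fall. Overall, its market capitalization is less than $800,000.
The impact of the scam
Nevertheless, crypto funds with a total value of more than $400,000 appear to have been stolen in this way.
0xe7645b8672b28a17dd0d650a5bf89539c9aa28da has stolen about $440K so far from the compromise
- ZachXBT (@zachxbt) February 26, 2024
In fact, the public Ethereum address to which the scammers had ETH sent in exchange for the promised fake MSTR tokens is known, and several different tokens have been sent to that address.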
So despite the fraudulent tweet being quickly removed by MicroStrategy, and despite it being obvious that it was a scam, the hackers still managed to collect a sizable haul thanks to ignorance and naivety.
Unfortunately, in the crypto markets there are many inexperienced or overly naive people who are easily convinced with grand promises to hand over their funds to scammers.
Twitter: MicroStrategy’s reaction to the crypto hack
For now, the company has simply intervened by removing the fraudulent tweet.
Since this is a publicly traded company and the event happened on Sunday evening, we will likely have to wait until Monday morning before they can thoroughly analyze the incident and let us know what happened.
During the day, it is hoped that they will publish on the same X profile how it was hacked, and how they have decided to protect it.
It is not the first time that something like this has happened, so much so that last month hackers even managed to access the official SEC profile.
Usually these hacks exploit a technique called SIM swap, which allows an attacker to simulate possession of the user's phone number in order to receive an SMS for password recovery or access to the profile. In these cases it would be better to activate two-factor authentication, in order to reduce the risk that a single SMS is enough to penetrate the profile.
Crypto scams
Crypto scams are numerous, and essentially they always rely on persuading the naive to voluntarily send their funds to scammers by means of lies, as in this case.
Unfortunately, when such lies are published on websites or official social profiles, it becomes much more difficult to recognize them.
The most emblematic case in this sense is precisely that of January, when hackers published false news on the official SEC X profile about the approval of Bitcoin spot ETFs, just the day before the real approval arrived.
In that case, the only way to recognize the lie was the linguistic style used in the tweet, which evidently did not fit at all with the institutional one of the SEC.
Instead, in the case of MicroStrategy it was much simpler, because it is impossible to imagine that the company had decided to give away tokens collateralized with their Bitcoin.