On Jan. 23, web3 security firm WalletGuard alerted the crypto community that bad actors had taken over Whalechart’s Twitter page to promote a fake giveaway.
Twitter account promoting a malicious link
The @Whalechart Twitter account, which has more than 223K followers and shares crypto news and analysis, was taken over by bad actors who spammed a link to a fake Uniswap airdrop promotion for several hours.
According to WalletGuard, the link could be trying to impersonate the original Uniswap website address in a phishing attempt.
Anyone following the link is brought to a page asking them to connect their crypto wallets to trigger a reward of $500 worth of Uniswap’s native token, UNI.
Whalechart has since reclaimed control of its Twitter account and admitted that it had been compromised. According to the owner, the malicious actor had used a scheduled tweets feature on TweetDeck (a third-party Twitter client) to continuously spam the account with the bogus airdrop link for several hours.
It remains unclear whether any of Whalechart’s followers have fallen victim to the apparent scam. Still, going by Twitter’s new view metrics, people had already eyeballed the offending posts thousands of times before the account’s administrator regained control and deleted them.
The attack bears similarities to the previous Uniswap hack
The style of the alleged scam mirrors another phishing attack from last year that saw a Uniswap user lose more than $8 million worth of ether (ETH).
In that attack, hackers sent a malicious token to 73,399 Uniswap wallet addresses in the guise of a UNI airdrop based on their liquidity pool positions on Uniswap v3.
The malicious smart contract information directed users to a website replicating Uniswap’s domain branding. However, interacting with the phishing message granted an underlying smart contract authorization to completely control a user’s wallet and withdraw any crypto assets.
Phishing scams on the rise
The alleged attack on Whalechart comes only hours after media reports indicated another Twitter account was hacked to promote a fake XRP giveaway. GolTV, a sports channel focused on Latin American soccer, was reportedly taken over by bad actors impersonating Ripple CEO Brad Garlinghouse. The hackers shared a fake giveaway page, apparently promoted by Garlinghouse, that promised an upcoming big pump in the price of Ripple’s native token, XRP.
GolTV’s Twitter account has since gone back to posting soccer news in Spanish, suggesting that it may have wrested control back from the hackers.