Hackers take over Gate.io’s Twitter account to promote a phishing scam

Cases of phishing scams in the crypto space have risen sharply in recent months, targeting the social media accounts of valid companies. In one such case, hackers took over the official Twitter account of crypto-currency exchange Gate.io.

This exposed nearly one million Gate.io followers to the risk of fraudulent Tether donation. Twitter is one of the social networks with the most active crypto community. As a result, there is a growing trend of hacking Twitter profiles of verified accounts to promote scams.

The tweet posted by the hacker offered a prize of 500 USDT to the first 1,000 winners. While posing as the official Gate.io website, the hacker asked Twitter followers to connect their wallets to the phishing site.

#PeckShieldAlert #Phishing Seems like crypto-exchange Gate[.]io’s verified Twitter account @gate_io was compromised & has been used to share links to fraudulent $USDT GIVEAWAY.
gąte[.]com is the phishing site.
Thanks @aayushrai11 and @grpolice for the intel pic.twitter.com/cpZ6CgAADm

– PeckShieldAlert (@PeckShieldAlert) October 22, 2022

PeckShield, a company that specializes in blockchain security and data analysis, was quick to respond. It helped Gate.io regain control of its verified account and thus remove the malicious ad. The total number of scammed victims remains unknown. Peckshield stated:

“It appears that the verified Twitter account of Gate[.]io @gate_io has been compromised and used to share links to a fraudulent GIVEAWAY $USDT. gąte[.]com is the phishing site.”

Later, Gate.io also published a post about the development of the case. “We were made aware of this as soon as it happened, posted a notice, and the account was locked shortly after it was compromised“, he said.

More phishing scam incidents in the past week

It seems the related @OlympusDAO‘s BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in ~$292K loss. https://t.co/dkhC5Ex9sz https://t.co/ikidpLyBga pic.twitter.com/wu5tUrepS6

– PeckShield Inc (@peckshield) October 21, 2022

Over the past week, several phishing incidents have been reported in the crypto space. In another such incident, a hacker stole nearly $300,000 in OHM tokens from OlympusDAO. However, the hacker decided to return the tokens a few hours later. PeckShield tweeted. :

“It appears that @OlympusDAO’s BondFixedExpiryTeller contract has a redeem() function that does not properly validate the input, resulting in a ~$292K loss.”

The hacker could have gotten $3.3 million if he had reported the code flaw. Since January 2022, the DAO has offered rewards to those who have detected errors and caused $1 million in lost funds.

In another incident of this type of phishing attack, hackers stole API keys from the 3Commas trading bot platform and made unauthorized transactions for DMG trading pairs on the FTX crypto currency exchange.