Hackers have recently intensified their attacks on crypto project social media accounts, especially Discord and X (formerly Twitter). These channels have been compromised for projects like 1inch, Orderly Network, Sei, Avalanche, ZKsync, and Polygon. High-profile individuals, including members of the Trump family, professional footballer Kylian Mbappé, and NBA player Jaylen Brown, have also been victims of such attacks.
These breaches have led to significant losses; for instance, a user lost $150,000 in ETH after Polygon's Discord was breached. This article will highlight common hacking methods and provide tips for safeguarding assets.
Common Hacking Methods and High-Risk Periods
Hackers often employ phishing attacks, software vulnerabilities, and social engineering to take control of accounts. Once they gain access, they impersonate official accounts and post fake announcements about airdrops, enticing users to click malicious links or download counterfeit apps.
Hacking incidents often surge during critical events like mainnet launches, token issuances, or airdrops. Users, eager to participate, may neglect to verify the authenticity of information, increasing their vulnerability to attacks. By clicking on malicious links and granting wallet permissions, they may unknowingly allow hackers to transfer tokens or compromise their devices with malware.
Ava Labs COO Luigi D'Onorio DeMeo Fell Victim to Phishing Attack
On August 19, Luigi D'Onorio DeMeo, COO of Ava Labs, fell victim to a phishing attack by clicking a fraudulent password reset link. This led to his X account being compromised, which the hacker then used to promote a fake token named "$PIKA."
Attacks on Discord Servers
Less than 48 hours after the Polygon Discord server was attacked, the servers of Avalanche and ZKsync also experienced similar breaches. Hackers posted fake links claiming to be for the second round of $ZK airdrops, deceiving users into clicking them.
Security Advice for Project Teams
- Enforce strong password policies and change passwords regularly.
- Activate two-factor authentication (2FA).
- Limit account access to only core team members.
- Regularly review and update third-party applications and integrations to reduce potential vulnerabilities.
- Develop an emergency response plan for swift action during an attack and timely communication with the community.
Security Advice for Users
- Information Verification: Exercise caution with announcements from official channels, particularly those related to airdrops or urgent actions. Always cross-check information across multiple official sources (such as the official website, X, Medium, etc.) instead of relying on one.
- Operational Security: Before clicking any link, verify the URL to ensure it’s from a trusted source. Avoid granting token allowances through unfamiliar links, refrain from downloading unverified apps, and keep your software and systems updated to protect against vulnerabilities.
- Token Management: It’s advisable to store tokens using a combination of software and hardware wallets. Decentralized wallets like imToken, which allow users to manage their own seed phrases and private keys, provide enhanced security.
- Stay Calm: Scammers exploit fear and greed. If an offer seems too good to be true, it probably is.
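The URL check from the Operational Security tip can be automated, for example in a community bot or a personal script. The sketch below is an added example, not code from any project named in this article; the domains in OFFICIAL_DOMAINS and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: placeholder domains; use the ones listed on the project's official website.
OFFICIAL_DOMAINS = {"project.example", "docs.project.example"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (trusted, reason) for a link found in an announcement."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if not host:
        return False, "no host in URL"
    if parts.username is not None or parts.password is not None:
        # https://project.example@other.example/ really goes to other.example
        return False, "userinfo before '@' hides the real host"
    host = host.rstrip(".").lower()
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "non-ASCII or punycode host, possible lookalike"
    if host in official or any(host.endswith("." + d) for d in official):
        return True, "host is an official domain or its subdomain"
    return False, "host is not on the official list"


# Constructed sample links, not taken from any real incident.
SAMPLES = [
    "https://project.example/airdrop",
    "https://claim.project.example/round2",
    "https://project.example.claim-round2.example/",
    "https://project.example@claim-round2.example/",
    "https://pr\u043eject.example/airdrop",   # Cyrillic 'o'
    "https://xn--prject-0ta.example/airdrop",
    "http://project.example/airdrop",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(f"{'OK   ' if trusted else 'BLOCK'} {link!r}: {reason}")
```

A passing check only confirms where the link points; if the official domain or account itself is compromised, cross-checking other official sources is still needed.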
End
Staying vigilant and verifying information from multiple sources is essential to avoid cyberattacks. Continuous learning about security is also crucial due to the evolving nature of hacking techniques.