Decentraland’s X Account Hacked: Scammers Use Phishing Links to Target 607,000 Followers

On September 19, cryptocurrency scammers gained access to Decentraland’s official X (formerly Twitter) account and started promoting a phishing campaign posing as an airdrop for the platform’s native token, MANA.

PeckShield, a blockchain security company, discovered the breach, which targeted the virtual reality project’s 607,000 followers.

The attackers posted a link to a fake website, launch-decentraland[.]org, urging users to connect their wallets to claim the supposed airdrop. By doing so, users would unknowingly sign malicious blockchain transactions that transfer control of their crypto assets to the scammers.

Decentraland's X account hacked to promote fake MANA airdrop.

Users urged to avoid phishing links and wait for official updates.

Part of a larger wave of #crypto-targeted social media hacks. pic.twitter.com/VEkN7zwexm

— TechTiynypen News (@TechTinypen) September 19, 2024

Ironically, the hackers disabled comments on their posts, citing the prevention of “malicious links” as the reason. Though the initial posts were quickly deleted, two more surfaced promoting a different phishing link, token-decentraland[.]org.

As of the latest update, Decentraland has not regained full control of its X account, and users have been warned not to interact with the platform’s social media presence.

Rising Threat of Phishing Scams in the Crypto Space

Phishing attacks have become increasingly common in the cryptocurrency world, with over $63 million in losses reported in August 2023 alone. High-profile projects, including Polygon, have recently fallen victim to these schemes.

For instance, Polygon’s Discord server was hacked, and phishing links were shared, tricking users into compromising their accounts. Similarly, Renzo, a liquid restocking platform, was targeted in a similar attack earlier this year.

I warn all the Digital Asset Holders about the ongoing Hacks and Scams.

Decentraland | $MANA adds to the list.

Some of the renowned product pages or Brands are facing the same.

In some instances, Hackers lure the public with Free Airdrops or Token claims.

Some of the Hackers… pic.twitter.com/Tq26QHpeOx

— Brian Luk (@web3guru_luk) September 19, 2024

Individual investors have also faced significant losses. One trader lost $55 million in DAI due to a phishing scam, while an NFT collector lost $145,000 worth of Bored Ape Yacht Club assets in a single incident.

These scams often revolve around “approval phishing,” where victims are tricked into signing transactions that give attackers access to their funds. Since 2021, such schemes have accounted for over $2.7 billion in stolen assets, according to data from Chainalysis.

How Users Can Protect Themselves from Crypto Phishing Attacks

To help protect against these growing threats, users can take several steps to safeguard their crypto assets:

• Verify URLs: Always double-check the authenticity of links, especially when posted on social media.
• Use Security Features: Wallets like MetaMask have introduced new features designed to help detect and block malicious activities.
• Monitor Social Media: Over 80% of comments under official crypto project posts contain phishing links, according to SlowMist research. Avoid engaging with unfamiliar links, even if they appear to come from trusted sources.

1. Attacker creates a fake message: The attacker crafts an email, text message, or social media post that appears to be from a legitimate source, such as a bank, online retailer, or government agency.👇https://t.co/G9T34gCRXR

— Patrick (Friends call me 'Trick) (@HEAVYDUTYPMC) September 19, 2024

As phishing attacks become more sophisticated, the importance of user vigilance continues to grow. By staying informed and adopting security best practices, cryptocurrency users can reduce the risk of falling victim to these costly scams.