Business intelligence firm MicroStrategy’s X account has been hacked, posting malicious links to a fake airdrop of a so-called “official” Ethereum-based MSTR token.
A user clicking on the link is directed to a copycat MicroStrategy webpage that directs them to connect a wallet and claim the fake MSTR airdrop. Once users accept a series of permissions in their Web3 wallet, it is understood that the attackers can automatically drain the tokens out of the user’s wallet.
According to independent blockchain sleuth ZachXBT and anti-scam platform Scam Sniffer, losses incurred from the scam have already tallied over $440,000.
0xe7645b8672b28a17dd0d650a5bf89539c9aa28da
~$440K stolen from the compromise so far— ZachXBT (@zachxbt) February 26, 2024
Scam Sniffer said just one user had lost over $420,000 to the phishing scam at approximately 12:43 am UTC, only several minutes after the first malicious link was posted to MicroStrategy’s account on X.
The unknown user lost a total of $424,786 worth of altcoins, with one transfer going to the MicroStrategy attacker and two being automatically re-routed to a second wallet associated with the notorious hacking group PinkDrainer.
The unknown victim signed for a transaction that saw a total of $134,000 worth of Wrapped Balance AI (wBAI), $122,000 worth of Chintai (CHEX) and $45,000 worth of Wrapped Pocket Network (wPOKT) sent to the attacker’s wallet address.
As of the time of publication, the MicroStrategy attacker’s wallet address holds a total of $329,000 worth of Ethereum-based tokens, per Ethereum DeBank.
Crypto industry pundits were quick to point out the somewhat obvious nature of the scam, with the pseudonymous British crypto investor Cobie noting that MicroStrategy, a firm exclusively focused on Bitcoin (BTC), most likely wouldn’t launch a token on Ethereum.
Magazine: NFT Collector: DCinvestor: Is this the best NFT collection in the world?
Update (Feb. 26, 2:43 am UTC): This article has been updated to include further details surrounding the MicroStrategy attacker.