Animoca Brands’ Exec Explains How His X Account Was Hacked Despite 2FA

As a seasoned crypto investor with over a decade of experience in this dynamic and ever-evolving market, I’ve seen my fair share of scams, hacks, and fraudulent activities. The recent hack on Yat Siu’s account at Animoca Brands is yet another stark reminder that no one is immune to these malicious attacks, not even the giants in our industry.

The well-known blockchain gaming company Animoca Brands announced that the account of its co-founder and chairman, Yat Siu, had been taken over. The hacked account was then used to advertise a fake token on the Pump.fun platform on Solana.

In a deceitful move, individuals posing as Animoca unveiled a fake token launch. This deception was exposed by blockchain investigator ZachXBT, who linked the incident to a recent phishing campaign that has been preying on more than 15 crypto-related accounts. The end result of this scam was the theft of approximately $500,000.

Fraudulent ‘MOCA’ Token

It’s been reported that a link to a counterfeit token named Animoca Brands (MOCA) was posted on the Pump.fun platform through Siu’s compromised account. Interestingly, this bogus MOCA token mimicked both the company and its Mocaverse NFT collection in name. Subsequent investigation by ZachXBT revealed that this deceptive MOCA token originated from the same address linked to other fraudulent tokens.

Following the promotion on Siu’s account, the value of the token briefly soared to nearly $37,000, but then plummeted almost instantly to a market cap of just $5,735, as indicated by data gathered by Birdeye. At present, there are only 33 individuals holding this token.

Earlier, ZachXBT exposed a complex scam involving phishing emails that appeared to be urgent notifications from the X team. These fraudulent emails usually claimed fake copyright problems and successfully tricked recipients into changing their account passwords.

The campaign exploited the trust placed in popular cryptocurrency accounts, many with over 200,000 followers each. Among those targeted were Kick, Cursor, The Arena, Brett, and Alex Blania. The initial incident happened on November 26, involving RuneMine, while the latest attack took place on December 24, hitting Kick right before Siu's account was compromised.

2FA “Not Enough” to Secure Accounts

Siu pointed out that the hacker managed to find his password and exploited the account recovery feature by submitting a request using an unregistered email address. This tactic allowed them to bypass the Two-Factor Authentication (2FA) since the system only sent a login notification to the incorrect email, while the genuine, registered email received no alerts about crucial actions such as a 2FA change request.

He said that such a notification could have prevented the hack. Siu also added that the hacker submitted a government-issued ID to bypass further security checks, a tactic he suspects was facilitated by phishing. He urged X to implement stronger notifications, particularly for sensitive changes like 2FA modifications, and recommended better verification measures to protect accounts.

Siu also warned that 2FA alone is not enough to secure an account and advised maintaining strong password hygiene, as attackers can bypass 2FA once they have access to the password.


2024-12-27 10:48