Singapore-based cryptocurrency exchange KuCoin announced on Twitter that its official Twitter handle had been hacked, allowing threat actors to promote a fraudulent giveaway that resulted in the theft of more than $22.6K worth of cryptocurrency. Although the exchange's account was compromised for only 45 minutes, that was enough time for its users to send 22 Bitcoin and Ethereum transactions, giving the hackers access to $22,600. KuCoin tweeted that:
As some users pointed out on social media, the fake giveaway was an easy trap for users to fall into because the Bitcoin trading and exchange platform has announced similar promotional events in the past. The giveaway stated that, to commemorate the exchange’s achievement of having 10 million customers, 5,000 Bitcoin and 10,000 Ethereum were purportedly being airdropped on “kucoinevent[.]com,” the website hosting the malicious giveaway.
The giveaway claimed that everyone was entitled to participate, even those without a KuCoin account, and invited all users to contribute any amount and earn double in return. Beyond the fake giveaway itself, the scammers also posted fake user comments confirming its validity, to convince visitors who might have had reservations. The company said on Twitter that it was examining and blocking suspicious addresses to prevent any further harm.
The Bitcoin trading and exchange platform has pledged to fully compensate victims for all losses resulting from the hack of its official Twitter handle. The company also promised to implement additional security measures on top of Twitter’s existing two-factor authentication protection. It added that it is working closely with Twitter to determine the attack pathway and how the hackers managed to hijack a verified account despite the multiple protections in place.
This is not the first incident of its kind. Last year, in September, a similar incident affected the Twitter account of the cryptocurrency exchange platform CoinDCX, with the attackers promoting fake XRP (Ripple) advertisements. It is therefore important for both the company and Twitter to strengthen their security checks and draft comprehensive regulations, establishing a system of checks and balances to eliminate such incidents in the future.