TL;DR
- The X account of the staking protocol Symbiotic was hacked on October 5 and remains compromised, directing users to a phishing site.
- The attackers deceive users into believing they have accumulated points and ask them to sign messages to drain funds from their wallets.
- A separate attack on the FIRE token drained its liquidity using a flash loan and a malicious contract, leading the token team to delete their social media accounts.
A recent security incident has put the crypto community on alert following the hacking of the X account of the staking protocol Symbiotic.
According to a report from PeckShield, the attack occurred on October 5, and as of today, the account remains in the hands of the thieves. The compromised account has been promoting a phishing site that deceives users by directing them to an incorrect URL. Instead of accessing the official Symbiotic site (symbiotic.fi), users are redirected to network-symbiotic[.]fi, where they are led to interact with fraudulent content.
#PeckShieldAlert #Phishing @symbioticfi's X account has been compromised. Do *NOT* click the link until further official announcement.
community-symbiotic[.]fi is the #phishing link pic.twitter.com/rmYDKsvhST
— PeckShieldAlert (@PeckShieldAlert) October 5, 2024
Upon accessing the phishing site, users encounter a page claiming they have accumulated thousands of points, even if they have never used the protocol. The page urges users to redeem their points immediately, warning that they will be lost if they do not click a large green “redeem” button in the center of the screen. When trying to redeem points with an empty wallet, users receive an error message indicating they should try another wallet. However, if the user’s wallet contains Symbiotic tokens, the site is likely to prompt them to sign a message that the scammers will use to drain the wallet’s funds.
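A defender-side check for the lookalike domains named above, as an added example that is not part of the original article: it classifies a link against the official domain symbiotic.fi before a wallet is connected. The function names, the digit-folding table and any sample links other than the domains quoted on this page are constructed for illustration, and treating subdomains of symbiotic.fi as official is an assumption.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "symbiotic.fi"  # official site named in the article
BRAND = "symbiotic"               # brand token a lookalike host would reuse

# Constructed heuristic: fold common digit-for-letter swaps before matching.
FOLD = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})


def refang(value: str) -> str:
    """Undo the defanging used in alerts (e.g. network-symbiotic[.]fi)."""
    return value.replace("[.]", ".").replace("hxxp", "http")


def host_of(link: str) -> str:
    """Return the lowercase host the browser would actually connect to."""
    link = refang(link.strip())
    if "://" not in link:
        link = "//" + link  # let urlsplit treat a bare domain as a netloc
    try:
        # .hostname drops any userinfo ("user@") and port, so a link such
        # as https://symbiotic.fi@other.example resolves to other.example.
        host = urlsplit(link).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(link: str) -> str:
    """Return 'official', 'lookalike' or 'other' for a link."""
    host = host_of(link)
    # Assumption: subdomains of the official domain are trusted.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand name appears in a host that is not under the official domain.
    if BRAND in host.translate(FOLD).replace("-", ""):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for sample in ("https://symbiotic.fi/", "network-symbiotic[.]fi",
                   "community-symbiotic[.]fi"):
        print(f"{sample:32} {classify(sample)}")
```

Only an "official" result should be treated as the real site; "lookalike" and "other" both mean the link does not lead to symbiotic.fi.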
Symbiotic Falls Victim to Phishing Attack Wave
Simultaneously, HP’s Wolf Security report reveals that attackers are using SVG files to infect victims’ computers. This new method allows attackers to install remote access software that steals passwords and personal data. Researchers found that the malware disguises itself as a ZIP file that loads when an image is opened in a browser. Once activated, the malware can take full control of the device, facilitating the theft of cryptocurrencies.
On another note, on October 1, the FIRE token experienced an attack that drained almost all of its liquidity. An attacker used a flash loan to create a malicious contract, selling and repurchasing the token at increasing prices, resulting in immense losses for investors. Following the attack, the token team deleted their social media accounts, suggesting it was a scam from the beginning.