Image default
BlockchainCryptoNewsFeatured

Symbiotic X Hacked: Users Targeted in Phishing Attack

TL;DR

  • The X account of the staking protocol Symbiotic was hacked on October 5 and remains compromised, directing users to a phishing site.
  • The attackers deceive users into believing they have accumulated points and ask them to sign messages to drain funds from their wallets.
  • A separate attack on the FIRE token drained its liquidity using a flash loan and a malicious contract, leading the token team to delete their social media accounts.

A recent security incident has put the crypto community on alert following the hacking of the X account of the staking protocol, Symbiotic.

According to a report from PeckShield, the attack occurred on October 5, and as of today, the account remains in the hands of the thieves. The compromised account has been promoting a phishing site that deceives users by directing them to an incorrect URL. Instead of accessing the official Symbiotic site (symbiotic.fi), users are redirected to network-symbiotic[.]fi, where they are led to interact with fraudulent content.

Upon accessing the phishing site, users encounter a page claiming they have accumulated thousands of points, even if they have never used the protocol. The page urges users to redeem their points immediately, warning that they will be lost if they do not click a large green “redeem” button in the center of the screen. When trying to redeem points with an empty wallet, users receive an error message indicating they should try another wallet. However, if the user’s wallet contains Symbiotic tokens, the site is likely to prompt them to sign a message that the scammers will use to drain the wallet’s funds.

symbiotic post

Symbiotic Falls Victim to Phishing Attack Wave

Simultaneously, HP’s Wolf Security report reveals that attackers are using SVG files to infect victims’ computers. This new method allows attackers to install remote access software that steals passwords and personal data. Researchers found that the malware disguises itself as a ZIP file that loads when an image is opened in a browser. Once activated, the malware can take full control of the device, facilitating the theft of cryptocurrencies.

On another note, on October 1, the FIRE token experienced an attack that drained almost all of its liquidity. An attacker used a flash loan to create a malicious contract, selling and repurchasing the token at increasing prices, resulting in immense losses for investors. Following the attack, the token team deleted their social media accounts, suggesting it was a scam from the beginning

Related posts

Binance Objects to SEC’s Utilization of DOJ and FinCEN Settlement in Legal Dispute

Guido Battigelli

Nomad Bridge: Wallet Linked to Hack Transfers $35.5M in ETH to Tornado Cash

Guido Battigelli

Walmart’s Sam’s Club Files Crypto and NFT-related Trademarks Application

Godfrey Benjamin

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More