A cybercriminal’s elaborate scheme duped Decentraland into clicking on a phishing email. As they gained access to the project’s X account, they set out more phishing attacks aimed at Decentraland’s users.
A hacker made their way into blockchain-based virtual reality platform Decentraland’s X account on September 19 to launch a phishing attack against its 600,000 followers. The move saw the bad actor posting about a MANA—Decentraland’s native asset—airdrop. Those posts comprised links that took users to a website asking them to connect their wallets to receive the token giveaway. If one thing is certain in the crypto ecosystem, connecting wallets to fraudulent websites results in users having their funds drained.
Blockchain security firm PeckShield warned users of the incident not too long after Decentraland’s account published the posts with the phishing links. “@decentraland’s X has been compromised. The phishing site is launch-decentraland[.]org. Do NOT click the link until further official announcements.”
Source: PeckShieldAlert
Of course, there was no airdrop, giveaway, or distribution. Still, the cybercriminal convinced many to believe the event was real through multiple posts that promised free tokens. Airdrop campaigns are common for crypto projects to bolster community engagement. The bad actor even turned the comments off on their posts to ensure users did not return from the website and relay the nefarious nature of the posts to the rest of the community. Their reasoning for disabling the comments section was others spreading malicious links on it.
Decentraland Acts
Decentraland regained the account after the exploit and released an update about what went wrong. Its team received a phishing email from the scammer, pretending to be X support, asking it to change its account password while fake login attempts were made simultaneously. To protect the account, the team clicked on the email to reset their password. And here we are.
The report also mentioned that the hacker gave X account @yeray284 “delegation access to the account to post.” Decentraland warned users not to engage with “surprise airdrops” and to stay vigilant of phishing attempts. It further mentioned that its X account would revert to business as usual.
