Crypto Potato
2024-12-27 07:35:29

Animoca Brands’ Exec Explains How His X Account Was Hacked Despite 2FA

Blockchain gaming giant Animoca Brands revealed that co-founder and chair Yat Siu’s X account was hacked, promoting a fraudulent token on Solana’s Pump.fun platform. The attackers impersonated Animoca and falsely announced the launch of a token. Blockchain investigator ZachXBT attributed the hack to a phishing scam that has recently targeted over 15 crypto-focused X accounts, ultimately stealing almost $500,000. Fraudulent ‘MOCA’ Token Siu’s hacked account shared a link to a fake token called Animoca Brands (MOCA) on the Pump.fun platform, which bore the same name as both the company and its Mocaverse NFT collection. This fraudulent MOCA token was then traced back to the same address behind other fraudulent tokens, ZachXBT confirmed . After being promoted on Siu’s account, the token briefly reached a peak value of almost $37,000, only to crash moments later to a market cap of just $5,735, as per data compiled by Birdeye. Currently, there are only 33 holders of the token. ZachXBT had previously uncovered this sophisticated phishing scheme wherein phishing emails disguised as urgent messages from the X team often cited fabricated copyright issues and tricked victims into resetting their account credentials. The scheme leveraged the credibility of crypto-related accounts with large audiences. A majority of those had more than 200,000 followers. Affected accounts included Kick, Cursor, The Arena, Brett, and Alex Blania. The first attack was on November 26, involving RuneMine, and the most recent occurred on December 24, affecting Kick, just before Siu’s. 2FA “Not Enough” to Secure Accounts Siu explained that the hacker somehow obtained his password and used the account recovery page to bypass 2FA by submitting a request with a non-registered email address. He tested this process and noted a significant security gap: while the system triggered a login notification to the wrong email, the actual, registered email received no alerts regarding critical actions like a 2FA change request. He said that this lack of notification could have prevented the hack. Siu also added that the hacker submitted a government-issued ID to bypass further security checks, a tactic he suspects was facilitated by phishing. He urged X to implement stronger notifications, particularly for sensitive changes like 2FA modifications, and recommended better verification measures to protect accounts. Siu also warned that 2FA alone is not enough to secure an account and advised maintaining strong password hygiene, as attackers can bypass 2FA once they have access to the password. The post Animoca Brands’ Exec Explains How His X Account Was Hacked Despite 2FA appeared first on CryptoPotato .

Get Crypto Newsletter
Read the Disclaimer : All content provided herein our website, hyperlinked sites, associated applications, forums, blogs, social media accounts and other platforms (“Site”) is for your general information only, procured from third party sources. We make no warranties of any kind in relation to our content, including but not limited to accuracy and updatedness. No part of the content that we provide constitutes financial advice, legal advice or any other form of advice meant for your specific reliance for any purpose. Any use or reliance on our content is solely at your own risk and discretion. You should conduct your own research, review, analyse and verify our content before relying on them. Trading is a highly risky activity that can lead to major losses, please therefore consult your financial advisor before making any decision. No content on our Site is meant to be a solicitation or offer.