Compound Finance’s X account hacked, promotes phishing site to steal crypto


The X (formerly Twitter) account for decentralized finance (DeFi) protocol Compound Finance has been hacked and is now promoting a fake phishing site, according to security-related X accounts Scam Sniffer and Officer’s Notes.

At 4:57 pm UTC, the account posted an advertisement for “free $COMP tokens,” urging readers to click a link provided. The link leads to a website that looks identical to the protocol’s official website but has been identified as a scam site.

Cybersecurity blogger Officer's Notes posted an alert from their account at 5:14 pm UTC, urging readers to not click on any links in the post.

Blockchain security platform Scam Sniffer also altered users, stating that “A phishing link (compound-labs[.]xyz) was spotted 16 hours ago” coming from the official X account.

According to Scam Sniffer’s post, the advertised site is a “Pink Drainer scam website,” implying that it is a phishing site that uses the Pink Drainer software to steal users’ crypto. The post also states that blockchain investigator ZachXBT has traced funds stolen by the site and laundered through the eXch exchange.

On Telegram, ZachXBT reported that it “looks like someone got phished for ~275,700 LINK ($4.4M) 2.5 hrs ago” and claimed that these funds were laundered through eXch. If this attack is related to the Compound X hack, it implies that at least $4.4 million has been lost already. However, ZachXBT did not explicitly state that this attack was related to the Compound hack.

The post links to two Ethereum transactions. The first shows a transfer of over 206,000 LINK tokens ($3.2 million at the current price) from a Pink Drainer wallet to a known phishing scammer address. The second shows a transfer of approximately 69,000 LINK ($1 million) from an account ending in 8dd4cf to a Pink Drainer wallet address.

The post also linked to a Scam Sniffer alert related to the incident. According to the alert, the account ending in 8dd4cf is the victim of the attack. Blockchain data shows that the victim signed an approval transaction allowing the attacker to spend a very large amount of LINK.

Source : Cointelegraph / Dec 29, 2023 logo


240 rue Evariste Galois,

06410 Biot,

Sophia Antipolis

Automata Pay

65-66 Warwick House 4th

Floor, Queen Street, London

England, EC4R 1EB

Automata Pay Europe Ltd

3rd Floor Ormond Building,

31-36 Ormond Quay Upper,

Dublin 7, D07 Ee37

Automata ICO Ltd

Italian Branch

Via Archimede, 161,

00197 Roma


The purchase of digital assets is subject to a high market risk and price volatility. Changes in value can be significant and occur rapidly and without warning. Past performance is not a reliable indicator of future performance. The value of an investment and returns can fluctuate both up and down, and you may not recover the amount you invested. RISK WARNING

Automata ICO Limited has a branch in Italy with its registered office at Via Archimede, 161, Roma, Italy, and registered in Italy under number 96550860587 with the Organismo Agenti e Mediatori (OAM) as a Virtual Asset Service Provider (VASP).

Automata France SAS is a company registered in France with the company number 902 498 617. Automata FRANCE SAS is registered with the french Financial Market Authority, l’Autorité des marchés financiers (“AMF”), as a provider of Virtual Asset Service Provider under number E2023-087.

Automata Pay Europe Limited is a partner of Modulr Finance B.V., a company registered in the Netherlands with company number 81852401, which is authorised and regulated by the Dutch Central Bank (DNB) as an Electronic Money Institution (Firm Reference Number: R182870) for the issuance of electronic money and payment services. Your account and related payment services are provided by Modulr Finance B.V. Your funds will be held in one or more segregated accounts and safeguarded in line with the Financial Supervision Act.