The X (formerly Twitter) account for decentralized finance (DeFi) protocol Compound Finance has been hacked and is now promoting a fake phishing site, according to security-related X accounts Scam Sniffer and Officer’s Notes.
At 4:57 pm UTC, the account posted an advertisement for “free $COMP tokens,” urging readers to click a link provided. The link leads to a website that looks identical to the protocol’s official website but has been identified as a scam site.
Cybersecurity blogger Officer's Notes posted an alert from their account at 5:14 pm UTC, urging readers to not click on any links in the post.
Blockchain security platform Scam Sniffer also altered users, stating that “A phishing link (compound-labs[.]xyz) was spotted 16 hours ago” coming from the official X account.
According to Scam Sniffer’s post, the advertised site is a “Pink Drainer scam website,” implying that it is a phishing site that uses the Pink Drainer software to steal users’ crypto. The post also states that blockchain investigator ZachXBT has traced funds stolen by the site and laundered through the eXch exchange.
On Telegram, ZachXBT reported that it “looks like someone got phished for ~275,700 LINK ($4.4M) 2.5 hrs ago” and claimed that these funds were laundered through eXch. If this attack is related to the Compound X hack, it implies that at least $4.4 million has been lost already. However, ZachXBT did not explicitly state that this attack was related to the Compound hack.
The post links to two Ethereum transactions. The first shows a transfer of over 206,000 LINK tokens ($3.2 million at the current price) from a Pink Drainer wallet to a known phishing scammer address. The second shows a transfer of approximately 69,000 LINK ($1 million) from an account ending in 8dd4cf to a Pink Drainer wallet address.
The post also linked to a Scam Sniffer alert related to the incident. According to the alert, the account ending in 8dd4cf is the victim of the attack. Blockchain data shows that the victim signed an approval transaction allowing the attacker to spend a very large amount of LINK.
Source : Cointelegraph / Dec 29, 2023