On Monday, August 9, 2023, the X (formerly Twitter) account of Blockchain Capital, a leading venture capital firm in the crypto space, was hacked by unknown attackers who posted several messages promoting a fake token giveaway. The scammers claimed that Blockchain Capital was distributing its own token, called BCAP, and urged users to visit a phishing website that mimicked the official site of the firm. The website asked users to connect their crypto wallets, a common tactic used by hackers to steal funds from unsuspecting victims.
Blockchain Capital later regained control of its account and deleted the fraudulent posts. The firm also issued a statement on X, warning its followers about the scam and advising them not to click on any links or enter any personal information. Blockchain Capital also clarified that it does not have any token called BCAP, and that the only official website of the firm is blockchain.
How did the scammers operate?
The scammers behind the attack used a sophisticated method to deceive users and evade detection. They created a fake website that looked almost identical to the original one, except for an extra letter “n” in the URL. They also turned off the commenting feature on their posts, to prevent other users from warning or reporting them. They used the verified badge and the large following of Blockchain Capital’s account to lend credibility to their scheme, and posted multiple times to increase their exposure.
The scammers also exploited the recent hype around crypto airdrops and giveaways, which are often used by legitimate projects to distribute their tokens to the community. However, unlike genuine airdrops, which usually require users to perform some simple tasks or sign up for a newsletter, the scammers asked users to connect their wallets to their website, which would allow them to access and drain their funds.
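The one-extra-letter lookalike URL described above is the kind of near match a link filter can flag before a wallet is ever connected. The following is an added example, not code from the article or from Blockchain Capital: it compares a link's hostname against an allowlist using edit distance. The allowlisted domain is a constructed placeholder because the article does not give the firm's full domain, and the function names and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed placeholder allowlist: the article does not give the firm's full domain.
OFFICIAL_DOMAINS = {"example-capital.com"}


def hostname_of(url):
    """Return the lowercased hostname of a URL ('' if unparsable), without 'www.'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare 'host/path' as a network location
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using two DP rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, official=OFFICIAL_DOMAINS, max_distance=2):
    """Return (verdict, matched_official_domain_or_None) for a link."""
    host = hostname_of(url)
    if not host:
        return ("invalid", None)
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return ("official", dom)
    # Not on the allowlist: a near match is more suspicious than an unrelated host.
    nearest = min(official, key=lambda d: edit_distance(host, d))
    if edit_distance(host, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unrelated", None)


if __name__ == "__main__":
    for link in ("https://www.example-capital.com/",
                 "https://example-capitaln.com/claim",  # constructed: one extra "n"
                 "https://news.example.org/story"):
        print(link, classify_link(link))
```

A "lookalike" verdict is a reason to block or warn, while "unrelated" only means the host is not a near match to the allowlist, not that it is safe.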
What are the implications of the hack?
The hack of Blockchain Capital’s X account is the latest in a series of cyberattacks targeting prominent figures and organizations in the crypto industry. In July, Uniswap founder Hayden Adams and pro-XRP lawyer Jeremy Hogan also had their X accounts compromised by scammers who posted malicious links to fake giveaways. The FBI has recently warned of the increasing number of phishing attacks on social media platforms, especially those involving well-known personalities in the crypto space.
The hack also highlights the need for users to be more vigilant and cautious when dealing with online offers and promotions related to crypto. Users should always verify the source and authenticity of any information they receive, and avoid clicking on suspicious links or entering their personal details on untrusted websites. Users should also use secure methods of authentication, such as hardware devices, instead of relying on text messages or emails.
The hack also raises questions about the security and responsibility of X and other social media platforms, which have been repeatedly used by scammers to defraud and harm their users. X and other platforms should implement more robust measures to prevent and detect such attacks, and to protect and inform their users in case of a breach. X and other platforms should also cooperate with law enforcement authorities and the crypto community to track and prosecute the perpetrators of such crimes.