TLDR
- Microsoft India’s official Twitter account with over 211,000 followers was hijacked by cryptocurrency scammers impersonating the popular trader “Roaring Kitty” (Keith Gill)
- The hijackers used the account to lure victims to a phishing website claiming to sell “GameStop crypto” in a presale, which could lead to victims’ cryptocurrency wallets being drained
- The scammers took advantage of Keith Gill’s recent comeback and the renewed interest in GameStop stock to increase the legitimacy of their scam
- Verified accounts like the U.S. SEC, Netgear, Hyundai MEA, and CertiK were also recently hacked to promote cryptocurrency scams and wallet drainers
- A single wallet drainer called “MS Drainer” stole approximately $59 million worth of cryptocurrency from 63,000 victims between March and November 2023
In a recent attack, cryptocurrency scammers managed to hijack the official Twitter account of Microsoft India, which has over 211,000 followers.
The hijackers took advantage of the renewed interest in the “meme stock” trader Keith Gill, also known as “Roaring Kitty,” who recently made a comeback.
The scammers impersonated Roaring Kitty on Microsoft India’s verified Twitter account, which has a gold checkmark as an officially verified organization.
They used the hijacked account to post tweets luring followers and other Twitter users to a malicious website that claimed to offer a “presale” of GameStop (GME) cryptocurrency.
The website, presaIe-roaringkitty.com, was designed to trick victims into connecting their cryptocurrency wallets, which would then allow the scammers to drain the wallets of any assets held by the victims.
The hijackers also utilized bot accounts to artificially increase the reach of their malicious tweets, potentially trapping more unsuspecting victims.
This attack is part of a larger trend of verified Twitter accounts being compromised and used to promote cryptocurrency scams and wallet drainers.
Earlier this year, the U.S. Securities and Exchange Commission’s (SEC) official Twitter account was also hacked after a SIM-swapping attack.
The compromised account was then used to post a fake announcement about the approval of Bitcoin exchange-traded funds (ETFs), causing a temporary spike in Bitcoin prices.
In addition to the Microsoft India and SEC account hacks, the Twitter accounts of companies like Netgear, Hyundai MEA, and Web3 security firm CertiK were also compromised and used to push cryptocurrency scams and wallet drainers.
The rise of these types of attacks highlights the increasing sophistication and boldness of cryptocurrency scammers, who are targeting verified accounts with large followings to lend credibility to their schemes.
Experts warn that users should exercise caution when engaging with cryptocurrency-related content on social media, even from verified accounts, as the consequences of falling victim to these scams can be severe.