A vulnerability in the IFTTT autoposting service led to the hacking of crypto influencers on X

On March 21, the accounts of several crypto industry influencers on X were compromised to promote the PACKY scam token. The hacker probably gained access through the automated post-publishing service IFTTT (If This Then That).

This is not me. Account hacked. Working to get it fixed. Don't click any links from me or (obviously) send money to a random address. pic.twitter.com/yKWnf2Dofd
— Packy McCormick (@packyM) March 21, 2024

One of the victims was Andreessen Horowitz (a16z) adviser Packy McCormick. In the fraudulent post, the attacker urged followers to invest in a new meme token "with big marketing plans and listings on CEX", attaching the address of a Solana wallet.

"It's not me. Your account was hacked. We are working to fix this. Don't follow my links and (obviously) don't send money to a random address," McCormick said after restoring access.

Later, the a16z adviser suggested that the hacker gained control of the account through IFTTT, which he "granted access to Twitter about ten years ago."

McCormick reminded people of the need to periodically revoke permissions from third-party apps.

IFTTT is a web service launched in 2011 that allows users to set up automated processes on various online platforms and social networks.

Justin Kan, co-founder of the streaming platform Twitch, faced a similar problem.

Looks like I was hacked, don't buy any shitcoins pls
— Justin Kan (@justinkan) March 21, 2024

"It looks like I've been hacked, don't buy any shitcoins, please," he wrote.

Coinbase's Chief Product Officer, Scott Shapiro, was also hacked. Posting in his name, the hacker promoted the same PACKY token, claiming it had been launched in collaboration with the exchange's CEO, Brian Armstrong.

Is there anything that says web2.0 more than this list of connected apps?

Frightening how many decade old auth tokens are among these graveyards.

**Revoke All** pic.twitter.com/y6ptEK8r2r
— Scott Shapiro shapiro.eth (@scottshapiro) March 22, 2024

"Is there anything that says more about Web 2.0 than this list of connected apps? It's scary how many authorization tokens from ten years ago are in these cemeteries. Disable everything," his post reads.

In addition, the attackers hit the accounts of Mike Demarais, co-founder of the Rainbow Web3 application; Joe McCann, CEO of Asymmetric Finance; and digital artist Bryan Brinkman.

Update: Apologies for those scam tweets. My IFTTT account was breached, which had my twitter linked as a connected app and they were able to send out the tweets via that. I immediately deleted the tweets and disconnected connected apps, but they were able to send out 7 scam links…
— Bryan Brinkman (@bryanbrinkman) March 20, 2024

"The lesson I learned is that even when using 2FA and Yubikey, there are always vulnerabilities," the latter noted.

On-chain sleuth ZachXBT agreed with the assumption that the vulnerability was on IFTTT's side.

They got Packy & Justin Kan earlier today via IFTTT as well. pic.twitter.com/GnycqRVPHF
— ZachXBT (@zachxbt) March 22, 2024

Earlier, the official X account of hardware crypto wallet maker Trezor was hacked to promote a crypto scam. The hackers urged users to send funds to the presale of a new token.

On March 19, unknown attackers hacked The Open Network blockchain's account on X and published a fake post about an airdrop.
 