The X account on Ethereum staking protocol Rocket Pool was hacked on January 17, with attackers asking users to migrate their assets via malicious links.
Rocket Pool’s hijacker posted a message detailing a smart contract vulnerability discovered by the supposed team. The post asked users to click a link to migrate their assets to version 2 contracts to avoid losses.
The Rocket Pool team confirmed the incident on Discord and warned users not to interact with links posted on the account until further notice.
The potential for loss or theft of cryptocurrency is not yet known at press time.
This exploit is one of several hacks that have already followed attacks on companies like CoinGecko this year. The cryptocurrency price aggregator reported the breach of account X on January 10.
On January 9, the U.S. Securities and Exchange Commission (SEC) account was also hacked when hackers falsely posted an announcement announcing the approval of a Bitcoin ETF. SEC Chairman Gary Gensler said no additional violations were identified while senators called for clarity. Additionally, the FBI is reportedly involved in an investigation related to the SEC hacking.
Days before the SEC security breach, Polychain Capital CEO Olaf Carlson-Wee’s Twitter account was infiltrated by hackers promoting fake airdrop links. Breaches like this highlight broader security issues with cryptocurrencies, as stakeholders are targeted and some protocols are vulnerable to attack vectors such as sophisticated social engineering.
Moving into a bull market characterized by waves of retail capital triggered by institutional adoption and an uncertain resurgence, cryptocurrency security could be a challenge for mass adoption.