Recently, two high-profile Twitter accounts were compromised: those belonging to Arthur Madrid, CEO of The Sandbox, and Steve Aoki, DJ and founder of the A0K1VERSE project. The latter incident resulted in substantial financial losses for users.
Aoki got Hacked, but ben.eth is at fault?
In Steve's case, the culprits didn't just have their sights set on the popular creator of the A0K1VERSE metaverse, but also decided to involve external accounts, specifically the page of active developer ben.eth. In hopes of an imprudent retweet, fraudsters posted a message referencing the token creator who, unaware of the scheme, responded positively to it. As a result, a multitude of users sent funds to a fraudulent address.
Blockchain detective ZachXBT noticed this, accusing the developer of a carelessness that led to people being robbed of more than $170,000. While the official A0K1VERSE account did warn about the breach, the situation with ben.eth sparked a myriad of discussions regarding the responsibility of popular accounts. Some stood by him, citing the absence of any criminal intent, while others blamed him for his rash actions.
When ben.eth realised his mistake, he removed the retweet of the fraudulent post and pledged to return the cryptocurrency to all those affected by the hacking of Steve Aoki's account. Followers speculated that the developer intended to make good on his promise using assets collected from his token's presale, but he assured everyone that he would provide compensation strictly from his personal funds.
ZachXBT's post. Source: ZachXBT's official twitter account.
Did Arthur Madrid successfully avoid losses?
Scammers who compromised the account of Arthur Madrid, the CEO of The Sandbox, adopted a rather direct strategy. They simply published a message about a token giveaway on a phishing site. Almost immediately, the company's official profile alerted users about the breach and made efforts to shut down the fraudulent site. After regaining access, Madrid personally reminded his followers that any claims about airdrops or sales are invariably fraudulent. It's still unclear how severely unsuspecting users were affected, but unlike ben.eth, no one will be offering compensation for their losses.
What should we bear in mind?
These incidents serve as potent reminders to exercise caution when dealing with not only fleeting meme tokens, but also when considering messages posted on the official pages of well-known figures. Given the novel tactics being employed by fraudsters, it's advisable to simply ignore requests to transfer assets or sign permissions, thus avoiding additional risk.
Certainly, security is not a concern exclusive to users. Developers, CEOs, and other public figures also need to take the appropriate measures: robust passwords, two-factor authentication, and prevention of SIM-card switching. It's hoped that everyone will start to prioritize security, leading to a decrease in these breaches.