The X (formerly Twitter) account for decentralized finance (DeFi) protocol Compound Finance has been hacked and is now promoting a fake phishing site, according to security-related X accounts Scam Sniffer and Officer’s Notes.
At 4:57 pm UTC, the account posted an advertisement for “free $COMP tokens,” urging readers to click a link provided. The link leads to a website that looks identical to the protocol’s official website but has been identified as a scam site.
Cybersecurity blogger Officer's Notes posted an alert from their account at 5:14 pm UTC, urging readers to not click on any links in the post.
FYI the @compoundfinance twitter is compromised and posting a scam link!
— Officer's Notes (@officer_cia) December 29, 2023
Check out: @RevokeCash / @web3_antivirus / @wallet_guard / @blockfence_io / @realScamSniffer
Blockchain security platform Scam Sniffer also altered users, stating that “A phishing link (compound-labs[.]xyz) was spotted 16 hours ago” coming from the official X account.
Alert: @compoundfinance's Twitter account has been compromised. Do not click on any links posted from their account.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 29, 2023
A phishing link (compound-labs[.]xyz) was spotted 16 hours ago.
Stay vigilant and ensure the safety of your assets by avoiding suspicious links. pic.twitter.com/yoa1RM4P4E
According to Scam Sniffer’s post, the advertised site is a “Pink Drainer scam website,” implying that it is a phishing site that uses the Pink Drainer software to steal users’ crypto. The post also states that blockchain investigator ZachXBT has traced funds stolen by the site and laundered through the eXch exchange.
On Telegram, ZachXBT reported that it “looks like someone got phished for ~275,700 LINK ($4.4M) 2.5 hrs ago” and claimed that these funds were laundered through eXch. If this attack is related to the Compound X hack, it implies that at least $4.4 million has been lost already. However, ZachXBT did not explicitly state that this attack was related to the Compound hack.
The post links to two Ethereum transactions. The first shows a transfer of over 206,000 LINK (LINK) tokens ($3.2 million at the current price) from a Pink Drainer wallet to a known phishing scammer address. The second shows a transfer of approximately 69,000 LINK ($1 million) from an account ending in 8dd4cf to a Pink Drainer wallet address.
The post also linked to a Scam Sniffer alert related to the incident. According to the alert, the account ending in 8dd4cf is the victim of the attack. Blockchain data shows that the victim signed an approval transaction allowing the attacker to spend a very large amount of LINK.
This is a developing story, and further information will be added as it becomes available.
