Just recently, Tron Foundation and Curve Finance were attacked on their X (formerly Twitter) accounts. These episodes resulted in billions of dollars in financial damages and raised alarms over platform-related security risks to the burgeoning cryptocurrency industry. These incidents are reminders of the growing complexity and severity of cyberattacks aimed at crypto platforms and their users.

According to a blog post from the Tron team, the hacker fraudulently solicited around $45,000 using their hacked X account. The breach set off a hasty investigation. What’s even more alarming, investigators found shocking parallels between this breach and the recent hack of the New York Post’s X account on May 3. Through all the understandable excitement to find a link, the Tron team urges you not to jump to early conclusions.

Tron DAO Hacked via Social Engineering

On the 13th of March, Tron DAO finally admitted that it’s account got hacked through a known and targeted social engineering attack.

"targeted in a malicious social engineering attack, which led to their account being compromised" - Tron DAO.

While the Red Cross team was able to move quickly to try to regain control, matching the hacker’s level of persistence became impossible.

"Even after the perpetrator was logged out and our access restored, they continued contacting others, offering posts from our main account in exchange for payment" - Tron DAO.

CREdiBULL CRYPTO & BOFA alert users were able to detect and report the account takeover just in time. Their rapid response underscores the importance of the community in detecting and addressing emerging cyber threats. To this end, Tron’s public relations team called for increased vigilance while denying claims they had been soliciting payments in DMs.

"Our security team quickly identified the intrusion and cut off access to the hacker, but we ask the community to continue to be vigilant. We will never ask anyone for payments like this via DM or otherwise" - Tron public relations team.

Curve Finance Targeted with Fake Airdrop

Piling on the wave of crypto-related hacks, Curve Finance experienced a security incident on May 5. A common Solidity hacker scam prompt An attacker posed as Curve Finance and advertised a fake CRV airdrop, enticing victims with an extended registration window of one week. Some X users immediately identified the post as a scam. The fact that this happened shines a light on the platform’s overall vulnerability to misinformation and malicious phishing schemes.

The Curve Finance team conducted their own investigation into the incident, ruling out any compromise.

"No sign of any client-side compromise" - Curve finance team.

"No other account appears to be hacked — the control over X account was just silently taken by someone" - Michael Egorov.

Escalating Trend of Social Media Hacks

Recent scandals involving Tron DAO and Curve Finance have shed light on a more insidious practice. Social media accounts are constantly being hijacked to push crypto scams. Just last week on April 15, X UK Parliament member Lucy Powell experienced a takeover of her X account. Hackers leveraged it to promote a scam crypto token named the House of Commons Coin (HOC). In the same way, the New York Post’s X account was hijacked on May 3 to spread fake news.

With the frequency and sophistication increasing, the need for better security and a more informed user-base is imperative. It’s time for crypto platforms and social media companies to collaborate to better protect consumers from becoming victims of these scams. Keep a watchful eye and never take any information without questioning it from the reputed source. Always exercise extreme care when responding to special offers or releasing any personal information.