MicroStrategy's Social Media Account Hack Nets $440,000 through Phishing Scam

By: Eva Baxter

MicroStrategy's official social media account was compromised and exploited to instigate a deceptively marketed airdrop for an Ethereum-based token, MSTR, during the dawn hours of February 26. Blockchain security firm, PeckShield, promptly identified and cautioned that the duplicitous post had a phishing link that redirected to a mimic website of MicroStrategy, a prominent Bitcoin-holding firm.

The perilous post has been deleted subsequently, but MicroStrategy, known to be the biggest corporate possessor of Bitcoin, has not officially commented about this breach yet. According to data from Saylortracker, the firm's massive 190,000 Bitcoin holding currently has a value of $9.7 billion with an unrealized profit of about $3.7 billion.

On-chain analyst ZachXBT disclosed that the hacker pilfered approximately $440,000 from unwitting users who clicked on the said post. Most assets were possibly stolen from a single victim who, as per Web3 anti-scam platform Scam Sniffer, 'signed a Uniswap Permit2 permit batch signature, which gave multiple token approvals' to the perpetrator.

Phishing scams, unfortunately, are quite prevalent in the crypto space. Bad actors frequently compromise reputable social media accounts, promising fake airdrops through phishing links thus tricking guileless individuals into permitting them access to their funds. Scam Sniffer documented that attacks of this kind resulted in an estimated loss of $300 million from more than 320,000 unsuspecting crypto users in the year 2023.