MicroStrategy’s official X (formerly Twitter) account was hacked and used to promote a fake airdrop of an Ethereum-based MSTR token during the early hours of today, Feb. 26.

Blockchain security firm PeckShield quickly warned that the offending post contained a phishing link that redirected to a copycat website of the Bitcoin-holding company.

The malicious post has since been removed, but MicroStrategy has yet to comment on the incident as of press time.

MicroStrategy is the largest corporate holder of BTC, and its holdings recently topped the $10 billion mark. Saylortracker data shows that the company’s 190,000 BTC is currently worth $9.7 billion and has an unrealized profit of $3.7 billion.

$440,000 stolen

On-chain sleuth ZachXBT revealed that the attacker stole about $440,000 from users who unknowingly clicked on the post.

Scam Sniffer, a Web3 anti-scam platform, reported that most funds might have been stolen from one victim. According to the firm, the victim seemingly “signed a Uniswap Permit2 permit batch signature, which gave multiple token approvals” to the attacker. Some stolen assets included relatively unknown tokens like wBAI, wPOKT, and CHEX.

Etherscan data show that the attacker has already begun moving the stolen funds, leaving 62.97 Ethereum, equivalent to $195,000, in the exploiter’s address as of press time.

Phishing attacks prevalent in crypto

Phishing scams are among the most popular ways malicious actors steal funds from unsuspecting crypto users.

Crypto scammers often entice their targets by compromising the social media accounts of well-known projects. They promise fake airdrops via phishing links, tricking unsuspecting individuals into granting them access to their funds. As a result, victims unknowingly allow attackers to drain their funds by clicking on these links.

Scam Sniffer revealed that attacks of this nature resulted in the loss of nearly $300 million from more than 320,000 crypto users throughout 2023.