People expect that cybersecurity firms cannot be infiltrated by hackers. However, that's not always the case since even the most secure organization can still experience a breach.

In a new cyber incident, the Twitter account of Mandiant, a prominent American cybersecurity firm under Google, fell victim to a hijacking, paving the way for a cryptocurrency scam. The attackers, in a bold move, posed as the Phantom crypto wallet and initiated a fraudulent giveaway.

The Scam Unveiled: Phantom Crypto Wallet Impersonation

(Photo: rc.xyz NFT gallery from Unsplash) Google subsidiary Mandiant's official X account (formerly Twitter) was hacked by crypto scammers. The hackers promised to give away free $PHNTM tokens on a fake website.

A spokesperson from Mandiant promptly responded to the incident, stating, "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue." The cybersecurity firm is actively addressing the breach to mitigate any potential fallout.

Upon gaining control, the malefactors swiftly rebranded the account as "@phantomsolw" and proceeded to promote a bogus website masquerading as the Phantom crypto wallet, per Bleeping Computer.

The fraudulent site cunningly offered free $PHNTM tokens through an airdrop, a classic crypto scam tactic.

Related Article: Crypto Scam Exposed: US Seizes Digital Currency in Connection to Southeast Asia Investment Fraud

Unraveling the Scam Process: Airdrop Deception

Tests conducted by cybersecurity experts revealed that clicking the "Claim Airdrop" button redirected users without the Phantom wallet to the legitimate site, urging them to install the wallet. 

Once installed, the fake wallet attempted to siphon cryptocurrency from unsuspecting victims. Fortunately, Phantom Wallet's security feature flagged the malicious site as part of a phishing attack.

Trolling and Retaliation: Scammer's Taunts

The threat actor behind the breach swiftly deleted the scam tweets but not without taunting Mandiant. The hacker provocatively suggested Mandiant change its password and playfully hinted at checking bookmarks upon regaining control.

Legitimacy Ploy: Retweets and Phantom Account Interaction

To lend an air of legitimacy, the attacker retweeted posts from the official Phantom account, particularly those advising users to exercise caution with links. This tactic is often employed to enhance the credibility of subsequent crypto-scam posts.

Mandiant's X Account Now Restored

As of the latest update, Mandiant's original Twitter handle, @mandiant, has been restored. However, the cybersecurity community remains on high alert, and the investigation is ongoing to determine the breach's root cause.

"Information stealer malware has a centralized botnet network, where credentials from infected devices are harvested. These credentials are then further validated according to buyers' requirements, such as individual or corporate accounts, number of followers, region-specific accounts, etc,"  security researcher Rishika Desai said via The Hacker News.

Crypto scams are everywhere and you need to be vigilant at all times. The hackers are getting smarter each year and they initiate an attack by swapping SIMs.

In our previous report dated December 2, 2022, a crypto hacker was caught red-handed after he stole more than $20 million in cryptocurrencies. The scammer used a SIM-swapping method to lure his victim into the trap.

Read Also: CryptoWatch: Coin Cloud Hack, US Seize New Crypto Scam, and Top Coin Prices Now