CoinGecko X Account Hacked, Suddenly Posting Crypto Airdrop

JAKARTA - The X account of CoinGecko, one of the leading crypto data aggregator sites, suddenly published a post about an airdrop (a distribution of free tokens) containing a link that led to a scam. This incident occurred on Monday 10 January 2024.

According to CoinGecko, the attackers posted a fake link on CoinGecko's account, which claimed to offer a CoinGecko airdrop token to users who followed certain instructions. However, the link actually directed users to a fraudulent website designed to steal their personal data and credentials.

CoinGecko immediately became aware of the breach and removed the fake post in less than an hour. CoinGecko also issued an official statement apologizing to users and reminding them to be careful of suspicious content.

Furthermore, CoinGecko confirmed that it has no plans to launch its own token and has never asked users to provide their personal information or credentials through social media.

"We are deeply sorry for the inconvenience caused by this incident, and we are grateful for your support and understanding. We are working hard to strengthen the security of our accounts, and we will continue to provide the best service to you," CoinGecko wrote in a statement.

This incident is similar to the one experienced by the official US Securities and Exchange Commission (SEC) account on X, which was also hacked the previous day. In that case, the attackers posted fake news saying that SEC Chairman Gary Gensler had approved several applications for bitcoin-based exchange-traded funds (ETFs). The news made bitcoin prices soar before Gensler clarified that it was a hoax.

X then confirmed that the SEC account was hacked because an unknown party had gained control of the phone number associated with the account through a third party. X also revealed that the SEC account did not have two-factor authentication (2FA) enabled when it was hacked.

The 2FA feature is one way to improve account security: in addition to a password, users must enter a code delivered via SMS or a dedicated application when logging in to their account.