KuCoin's Twitter account hacked to promote crypto scam

KuCoin's Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency.

The cryptocurrency exchange and trading platform has promised to fully reimburse victims for all verified losses caused by the hack of its official Twitter handle. Furthermore, it assures that all users' assets on the platform remain entirely secure.

While the account was hacked for only 45 minutes, the crypto exchange says it was enough time for its followers to send 22 Bitcoin and Ethereum transactions, allowing the hackers to steal $22,600.

"Until 02:00 Apr 24 (UTC+2), we have identified 22 transactions including ETH/BTC associated with the fake activity, with a total value of 22,628 USDT," reads KuCoins Twitter thread about the incident.

"To prevent more users from being harmed, we are currently examining and blocking suspicious addresses."

As some KuCoin users pointed out on social media, the scammers set up a convincing campaign similar to the platform's regular promotional events, so it was easy for them to get fooled.

The malicious giveaway was hosted on "kucoinevent[.]com," which claimed to be airdropping 5,000 Bitcoin and 10,000 Ethereum to celebrate the exchange's milestone of reaching 10 million users.

The fake giveaway invited all users to participate by sending any amount and receiving double in return, claiming that all persons are eligible for participation, even those without a KuCoin account.

As is typical in this type of fake promotion, the scammers posted fake user comments confirming the validity of the giveaway and helping convince visitors who might have some reservations.

Users affected by this incident are urged to contact KuCoin's support team at "support@kucoin.com" and ignore all advice or recommendations from other channels.

Furthermore, as Twitter is known for fake cryptocurrency support bots, it is not advised to post their issues to the site or respond to anyone offering help.

The company promised to implement additional security measures on top of Twitter's existing two-factor authentication protection to prevent similar incidents from re-occurring in the future.

Additionally, they're working closely with Twitter to determine the attack pathway and how the hackers managed to hijack a verified account despite the multiple protections in place.

Scammers have found that hacking official Twitter accounts of cryptocurrency exchanges can lead to quick cashouts, as posts from official handles appear trustworthy and thus more likely to trick many people, even in a short time.

In late January 2023, a hacker took over the Twitter account of the cryptocurrency trading platform Robinhood and promoted a fake token ("RBH") launch that people invited to buy for $0.0005 each.

In September 2022, a similar incident impacted the Twitter account of the cryptocurrency exchange platform CoinDCX, with the attackers promoting fake XRP (Ripple) ads.

A reliable method to confirm whether a giveaway is real is to check for similar posts on all of the platform's social media channels and the official website. If you see it only in one place, it's likely a scam.