Introduction
On September 19 2024, the official account of Decentraland announced a surprise airdrop for its MANA native token holders. The announcement directed holders of the token to click a link which takes them to a website where the airdrops will be claimed. Once on the website, participants have to connect their wallets and approve the transaction to claim the free tokens. It all looked real until wallets are wiped off and it became obvious that this is a breach - fake airdrop.
The unfortunate thing about this and other fake airdrops is that there are always victims. Before word went out to warn the public about this breach of Decentraland X account, some unsuspecting users have already clicked the fraudulent link and have their assets stolen from the phishing website.
This kind of phishing attack is happening more frequently now and everyone should beware and not fall for the trap.
PeckShieldAlert raised the alarm
PeckShieldAlert was the first to notice the breach and fake airdrop annoucement. The security protocol quickly made a post on their own X account to warn Decentraland community of the potential breach. It included an image of the fake announcement and advised that people steer clear of it until the Decentraland team adresses the issue.
Just as mentioned above, not everyone saw this warning from PeckShieldAlert. Or the warning came a little later for some users that acted immediately and connected wallets to claim their airdrop. Once they got their assets wiped off, it dawned on them that this is a scam airdrop. The Decentraland team of course heard about the breach and later instructed its community to keep away until the issue was resolved by the security team.
How the attack unfolded
Decentraland working with X team has resolved the scam and taken back control of their X handle. They however explained how this breach happened in a recent X announcement to its users and community.
It all started when the hackers sent a fake customer support mail to decentraland, urging them to change their X account password. Once they did, the hackers took control of the X account and even assigned some roles to their own fake account. From the account then posting for Decentraland, the hackers started posting the fake airdrop campaign in Decentraland account.
But right now the issue has been resolved. All the fake airdrop posts have been taken down and new login passwords created to lock away the intruders. Of course, Decentraland maintained communication with its community through other channels and have warned them now about fake and sudden airdrops.
Beware of fake airdrops
Unfortunately, this will not be the last time this manner of hacks and scams will happen. Attackers are really keen to pull off more of this because it has proved successful. So it is always important to be vigilant so that you do not watch your hard-earned efforts wiped off by the bad guys. So the recommendations to keep you and your assets safe are always what you know.
- Verify official announcements: It is now common knowledge that project accounts and celebrity accounts are the target of these attackers. Once they hack into an official channel, it is all too easy to fool users when a fake announcement is made. So always wait to verify announcements coming from official channels such as X.
It is a common practice that if there is a new project like airdrop, the announcements are made across all official channels not just on one. The announcements are seen in Telegram, X, Instagram and even on the projects official website. So before you start interacting with a surprise announcement from an official channel, be sure to verify that such announcement has been circulated through other channels. It may be important to reach out to the Discord channel of the project to verify first before going ahead to participate.
Phishing email works: Take note that the attackers started by sending a fraudulent email to Decentraland and things went downhill from there. So always be sure of emails before opening or interacting with them. Attackers often pose as customer support and they are always willing to help you set up something or install some upgrades. Be careful with such emails. If they claim to be from X, from your wallet or defi service provider, verify their identity before clicking any links provided in their email.
Phishing websites: They are often very difficult to isolate. But if you are a little careful, you wont be taken by surprise. Make sure the URL is spelt exactly the same as the original. Check well to note any differences in URL spellings such as letters spelt twice or other irregularities.
Phishing websites are made to look exactly like the original with colors and content consistent. So make sure that you are in the right place. It starts with making sure of the URL. If you note anything that looks suspicious, its best never to interact with the link or the content of the website.
Finally
If you use Decentraland and you are affected by this breach, kindly follow instructions from the team as they work hard towards ensuring safety of remaining assets of their users. If you wish to learn more about this issue, check the following useful links:
Image credit: Thumbnail modified from Pixabay