Yesterday around 08:00 pm (UTC+2), the profile X of the cryptographic project Near Protocol was compromised. The hacker, not yet identified, exploited the popularity of the account to publish a series of hate messages towards the crypto and web3 sector.
Strangely, the community did not lose any funds as no malicious link and no scam token contract address were published by the attacker.
It is not the first time that Near Protocol has experienced a similar security incident: in May, its X profile had previously been compromised in a similar modus operandi.
Let’s see all the details below.
Unusual hacker attack on the X account of the Near Protocol project
Last night the official X profile of Near Protocol was hacked by an individual who still has not been identified.
This is a particularly unusual attack, as it seems that the user’s intent was not to fraudulently enrich themselves by exploiting the account’s 1.8 million followers.
In fact, in a time span of about 1 hour during which the project’s profile was compromised, no malicious link, malware, or phishing campaign was published.
At the beginning, it was even thought that it was not a hack, but merely a marketing move by the Near Protocol team with the goal of attracting engagement.
Subsequently, the hack was confirmed, but no funds were stolen from the community of the blockchain of type L1.
Screenshot of a post published by the hacker, now removed. Source: https://x.com/NEARProtocol
It seems that the hacker’s goal was to spread discontent or to troll the crypto community with hate messages towards the web3 sector.
The username of the Near account was renamed to “it’s all a lie”, while the bio listed all the web3 scam projects with a link to CoinMarketCap.
From the subsequently published posts, the playful spirit of the attacker was evident, who continued to mock the major crypto projects.
By retweeting, for example, a post from MetaMask, the hacker advised all users of the wallet to seek psychiatric mental support.
In another post, he mocked the information site Coindesk, which promptly reported the news of the hack.
Again, the joker hesitated about the virility of crypto enthusiasts by posting a photo depicting a vial of liquid testosterone. He recommended its use to all those who are affected by the “crypto mind virus”.
Fortunately, although this episode undermines the reputation of Near Protocol, there were no violent intentions from the hacker. Not even a cent was stolen from the crypto community.
The post-mortem statement from the Near Protocol team
A few hours after regaining control of their X profile, the Near Protocol team published a post-mortem statement of the incident.
In a brief message, the project insiders acknowledged and confirmed the hack. They highlighted the attacker’s attempt to demotivate, dissuade, and criticize both Near and the entire crypto and web3 sector.
Although the identity of the subject has not been discovered, it is believed that behind these trolls is the well-known hacker “four chan”. He is known for his frequent hacks for trolling purposes, where he enjoys mocking his victims and the followers of the victims.
It is not clear how the profile was technically compromised but the Near team stated that the security flaw has been isolated.
Mike Rotch, IT expert and head of the security team, led the operation restoring the correct control of the social media.
A statement from the NEAR Ecosystem regarding today’s events. pic.twitter.com/3GeQCafN5d
— NEAR Protocol (@NEARProtocol) September 4, 2024
Despite this story not involving cases of theft or scam, it is clear that the attack still casts a bad light on the work of Near Protocol in terms of security.
It is also not the first time that one’s social account has been compromised: in May, in fact, another similar case occurred.
Not even on that occasion were funds stolen from users, while coded “darkness” messages were published.
Through a grotesque style and with strange text fonts, messages had emerged that quoted: “the sun rises in the east”, “take back your thoughts”, and “reclaim your sovereignty”.
There is a good chance that the hacker troll “four chan” is responsible for both hacks.
The problem of social profile hacks in the crypto world: some practical advice
The case of the hack of the X profile of Near Protocol, despite there being no serious consequences, underscores an underlying problem of the entire crypto world.
Often malicious users (much more than “four chan”) specifically target the social profiles of cryptographic projects with the intent of leveraging their popularity and credibility to steal money from less attentive users.
More and more often similar cases have repeated, with most occasions where the hacker publishes a post with a malicious link that directs to a fraudulent dapp.
Often in these attacks, reference is made to certain lanci di airdrop in progress (obviously fake), as a tactic to attract as much traffic as possible to the fake links.
Other times the “contract address” (ca) of a token is published, which has been previously purchased massively by the hacker, and which will be dumped after pushing the community to buy it. In the worst cases, these tokens are “honeypot”, meaning they only allow purchasing and not selling by users, except for the code developer.
In short, there are various tactics that malicious individuals exploit to mislead the followers of a crypto project.
In most cases, fortunately, only a few million or a few hundred thousand dollars are stolen, while the most lucrative hacks occur on-chain.
On social media, there is an attempt to play on the inexperience of the audience, with newcomers struggling to distinguish a fake post from a scammer from a real one published by the team.
The advice we can give is to always perform a double check on X when encountering “strange” posts or when discussing tokens and airdrops.
99% of the time, if there is truly a legit airdrop happening, everyone will be talking about it and you can be sure that (by following the right accounts) you will recognize it instantly.
Never click on links published on X without a preliminary check on other platforms, especially if from unknown accounts. Additionally, it is advisable to install a security extension, which identifies possible fraudulent smart contracts, such as “wallet guard”.
In this way, if you accidentally end up in a dapp scam, the extension will notify you.
For the problem of honeypots and tokens with rugpull mechanisms, the solution is not to trade memecoin (lol).