Tron DAO Hacked, $45,000 Stolen in Social Engineering Attack

A hacker who took over the TronTRON-- DAO X account is estimated to have made around $45,000 in improperly solicited funds. The Tron public relations team confirmed that on May 2, the Tron DAO account posted a contract address and sent direct messages to solicit payments in exchange for promotional advertising on the Tron account. The team quickly identified the intrusionINTZ-- and cut off access to the hacker, but they urged the community to remain vigilant, stating that they would never ask for payments via direct messages or otherwise. The amount improperly solicited appeared to be around $45,000 based on the illicit contract address the hacker posted.

The Tron team is still investigating and says they are in contact with law enforcement. Tron founder Justin Sun accused crypto exchange OKX of failing to act on a law enforcement request to freeze stolen funds connected to the attack. OKX founder and CEO Star Xu publicly denied the allegation, and Sun has removed the original post with the accusation. Tron DAO said in a May 2 X update that they suspect the hack resulted from a team member being targeted in a malicious social engineering attack, which led to their account being compromised. Even after the perpetrator was logged out and their access restored, they continued contacting others, offering posts from the main account in exchange for payment.

Decentralized lending protocol Curve Finance also recently suffered an X account takeover by a bad actor, adding to the growing list of high-profile firms and individuals accessed by social media hackers. In a now-deleted May 5 X post, a scammer posing as Curve Finance shared a link to a CRV airdrop with a weeklong registration period, which some eagle-eyed X users quickly suspected could be fraudulent. Curve Finance founder Michael Egorov confirmed in a reply to analyst CrediBULL Crypto that it was a bad actor posting sham links so far, and no other account appears to be hacked. The control over the X account was just silently taken by someone.

The Curve Finance team has since regained access with the help of a team that included the cybersecurity group SEAL, and found that aside from posting scam links, the hacker also blocked some users who flagged the account takeover, including CrediBULL Crypto. The cause of the hack has yet to be shared publicly, but in response to a user’s query, the Curve finance team said it’s still unclear how account access was taken, and there was no sign of any client-side compromise.

This incident highlights the growing threat of social engineering attacks and the importance of vigilance in the cryptocurrency community. The Tron and Curve Finance hacks underscore the need for enhanced security measures and continuous monitoring to protect against such threats. The community's quick response and the involvement of cybersecurity experts were crucial in mitigating the damage caused by these attacks. As investigations continue, it is essential for organizations to remain proactive in safeguarding their accounts and educating their users about potential risks.