About Blockaid

Blockaid's team of skilled security engineers and researchers is composed of former 8200 cyber intelligence personnel. They have discovered vulnerabilities in some of the most advanced operating systems and browsers, and have built advanced anti-virus and EDR software for world-renowned security companies such as Google, Microsoft, SentinelOne, and more.

The Attack

On Sunday, September 10th, the Twitter account belonging to Vitalik Buterin, one of the co-founders of Ethereum, was compromised by a malicious actor. The hacker executed a successful phishing scam, resulting in the theft of approximately $700,000 worth of assets.

The attacker posted a message promoting a malicious dApp that offered a limited-time NFT collection mint. Numerous users were lured into the campaign to mint free NFTs. However, the link associated with the post directed them to a phishing website that drained their crypto assets and NFTs from their wallets.


The stolen assets consisted of Ether and NFTs. In total, the hacker stole $700,000 worth of assets from hundreds of users.

Some of the stolen assets include:

Thanks to Blockaid's proactive scanning, as well as integrations with some of the leading wallet providers in the space, we were able to protect over $100k worth of user assets from being stolen.


Blockaid was able to detect and flag the malicious dApp before it was published on Twitter. This was made possible by Blockaid's dApp scanning product and proactive approach, which enabled us to identify potential threats before they became active.


Users who had Blockaid's protection enabled in their wallets were alerted twice:

  1. Firstly, as soon as they connected to the malicious dApps.
  2. Secondly, when they were asked to sign a malicious transaction issued from the phishing site.