Crypto scammers took over OpenAI’s press account to publish phishing hyperlinks that focused OpenAI customers.
Whereas the posts have now been deleted, crypto scammers managed to hijack OpenAI’s official press account on X on Sept. 23 to advertise a suspected phishing hyperlink. The ChatGPT developer has but to acknowledge the breach.
These behind the hack promoted a token referred to as “OPENAI,” claiming it will bridge the hole between blockchain and AI.
The posts falsely promised that customers might declare a portion of the token’s provide, permitting them entry to the platform’s future beta applications and engaging them to click on a phishing hyperlink that led to a flagged web site.
To lend an air of legitimacy and forestall eagle-eyed customers from warning others concerning the hack, the attackers disabled feedback on the malicious posts, including the message: “Feedback turned off as a consequence of malicious hyperlinks. Good luck all!”
One consumer on X claimed the faux web site was designed to imitate the OpenAI branding and regarded reputable at first look. Nonetheless, when clicking the OpenAI brand, a immediate would ask guests to attach their wallets.
When customers join their wallets to a malicious platform like this, they’re tricked into signing a fraudulent transaction. This transaction usually seems reputable however truly grants the attacker management over the consumer’s belongings, enabling them to empty all funds saved within the compromised pockets.
Known as ‘approval phishing,’ these assaults have led to over $2.7 billion in losses since 2021, based on Chainalysis.
Sadly, comparable assaults have focused OpenAI execs on a number of events.
Most lately, OpenAI researcher Jason Wei’s account was hacked to advertise the identical phishing scheme, with the attackers beforehand concentrating on OpenAI’s Chief Scientist, Jakub Pachocki. Final yr, OpenAI CTO Mira Murati additionally confronted an analogous breach in June 2023.
As reported by crypto.information, digital reality-focused venture Decentraland additionally suffered the identical destiny final week, with scammers selling a faux airdrop of its native token to mislead customers into connecting their wallets and approving a malicious transaction.
Whereas all of the aforementioned assaults share similarities, it’s unknown if the identical group of attackers is behind them.