Automation is a beautiful concept, provided that we control the process. The IFTTT (If This Then That) app used to schedule social media posts was hacked by cybercriminals. Of course, they used it to steal on a large scale. After all, phishing with famous names works best.
IFTTT app in the hands of cybercriminals – cryptocurrency influencers encouraged “investments”
Why hack into the accounts of individual influencers when you can hack into an application that automates social media activities and have their accounts in your possession? This is the assumption of cybercriminals who recently attacked the very popular IFTTT application used to automate posting on social media. Interestingly, this app is over a decade old, having debuted in 2011.
However, it turned out that its users include such influencers from the cryptocurrency world as a16z advisor Packy McCormick, Coinbase product director Scott Shapiro, and Twitch co-founder Justin Kan. The accounts on X portals were cleverly taken over by the hacker, who then started a real hunt.
Pshing from accounts with such large reach was as easy as “catching” mosquitoes on a warm summer evening. Interestingly, the hacker approached the phishing issue in a very creative way and encouraged crypto-celebrity accounts to invest in a special memecoin on $Packy on Solana. It was, of course, a fake that drained the victims' wallets.
The memecoin craze on Solana is a perfect opportunity for phishing
Solana is currently experiencing its second youth. According to CoinGecko research, this is the most popular blockchain of 2024, or at least its first quarter. The increase in the SOL exchange rate above the USD 200 barrier and the real memecoin craze on the Solana blockchain makes hackers also interested in the topic and sees an ideal opportunity for phishing.
There may be many more actions similar to the hacking of the IFTTT app in the coming weeks, so it is worth being careful. What will be most useful is DYOR, i.e. making your own searches and being aware of how hackers use phishing today. Learn about new and old phishing methods in our latest cybersecurity and phishing guide.