Weekly Blockchain Security Watch (Jan 23 to Jan 29)

Jan 23 to Jan 29


  • Attacker Hacks GOL TV’s Twitter Account, Propagates XRP Scam Project

On 23 Jan, a hacker attacked GOL TV’s Twitter (@GOLTV) account. The hacker used the account to propagate an XRP scam project that promised extremely high returns to investors.

  • Hacker Attacks Killabearsnft’s Discord Server

On 24 Jan, a hacker attacked Killabearsnft’s Discord server. Killabearsnft is an NFT project deployed on Ethereum.

  • Hacker Attacks CatsYardNFT’s Discord Server

On 24 Jan, a hacker attacked CatsYardNFT’s Discord server. CatsYardNFT is an NFT project deployed on Solana.

  • Hacker Exploits Moonbirds’ Founder’s Wallet

On 26 Jan, Moonbirds founder Kevin Rose (@kevinrose) announced on Twitter that his wallet had been exploited in a phishing attack. Kevin Rose had signed “a malicious signature that allowed the hacker to transfer a large number of high-value tokens”.

Crypto assets including 25 Chromie Squiggles and other NFTs, totalling around US$1.5 million, were stolen in this incident.

He later urged users not to buy any Chromie Squiggles before his stolen ones were marked by OpenSea.

  • Hacker Attacks Robinhood’s Twitter, Propagates Token Scam Through Phishing Link

On 26 Jan, a hacker attacked Robinhood’s Twitter (@RobinhoodApp) account and used the account to propagate a scam token, $RBH, through a phishing link. Around 10 people bought this token and lost around US$1000.

  • Fairyproof Detects New Telegram Phishing Scheme

On 27 Jan, Fairyproof, a pioneering blockchain security company, detected a new phishing scheme in which hackers use compromised Telegram user accounts to trick users into sending assets to the hackers’ addresses.

For more details: https://twitter.com/FairyproofT/status/1618856301039321088?s=20&t=VdHTeQBaXPTTuBR1vsfL-Q

  • EtherOrcs Announces Discord Server Compromised

On 28 Jan, the on-chain, Ethereum-deployed game EtherOrcs (@EtherOrcs) announced on Twitter that their Discord server had been compromised: a member of the team had been hacked. In a follow-up tweet, they announced that they had regained control of the server through “Wick”, that compromised accounts were removed “within 60 seconds”, and that an audit would be done.

  • Azuki Announces Compromise of Twitter Account

On 28 Jan, Azuki (@AzukiOfficial) announced on Twitter that their account had been compromised. They detailed that “a series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time)”.

Azuki also announced that while the team had regained control of their Twitter account, investigations into the Twitter breach were still ongoing, and that their account had been secured with 2FA. All malicious tweets and links had also been taken down.

Finally, they urged users to approach the Azuki mod team on Discord should they be in doubt about future announcements made through Azuki’s social media channels.

  • Hacker Attacks MTC’s Discord Server

On 29 Jan, a hacker attacked MTC’s Discord server. MTC is an NFT project deployed on Solana.


9 notable security incidents occurred in the past week. It was a big week for the security of social media accounts: 8 of the 9 incidents involved social media accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to understand cybersecurity and to practice it at a sufficient level.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

