QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
JANUARY 2025
GLOBAL
CENTRIFUGE
DESCRIPTION OF EVENTS

Centrifuge and Plume Network have partnered to drive next-generation innovation in tokenized real-world assets (RWAs) within decentralized finance (DeFi). Centrifuge's platform provides the infrastructure for tokenizing a wide range of assets, enabling seamless management of funds and access to real-time on-chain data. With over $675 million in assets financed and more than 1,600 assets tokenized, Centrifuge supports asset managers and investors by offering a transparent, scalable, and flexible environment for RWA investments. The platform is designed to enhance efficiency while providing full transparency of asset performance and transactions.
The partnership with Plume Network aims to further revolutionize the DeFi ecosystem by integrating real-world assets into decentralized finance protocols, creating new opportunities for liquidity and institutional adoption. Centrifuge’s commitment to this innovative market is demonstrated through its strategic collaborations with key industry players, such as Aave, BlockTower, MakerDAO, and others. These partnerships help unlock the potential of tokenized RWAs, enhancing the stability of DeFi ecosystems and paving the way for broader institutional participation in blockchain-based finance. Centrifuge is now positioned as a leader in real-world asset tokenization, focused on accelerating DeFi's evolution by providing essential tools and expertise to the sector.
It would appear that the team managing the Centrifuge Twitter/X account was not trained in understanding phishing attacks.
Fraudsters exploited Centrifuge's official Twitter account by creating a replica of the Twitter login page to steal sensitive information. On January 3rd, the attacker tricked the account’s followers into providing their account ID, password, and a one-time password generated by the two-factor authentication (2FA) system. This allowed the hacker to gain full access to the account, which enabled them to log out all active sessions, modify the 2FA settings, and prevent account recovery through standard methods.
With control of the account, the fraudster set up a mobile passkey to bypass any password reset attempts, effectively locking out legitimate account holders from regaining control. The attacker then used the compromised account to post malicious links, promoting a scam token. These posts misled followers into engaging with a fake fundraising address disguised as part of an AI project token, encouraging them to send funds to the scam address. This address was later found to hold 93.57 SOL, which represents the amount stolen through the fraud. These actions exploited the trust of Centrifuge’s community and put their assets at risk, underlining the need for swift intervention and enhanced security measures to prevent similar attacks in the future.
Some of the schemes launched by fraudsters included:
Fake Fundraising Address (Disguised as an AI Project Token): The primary scam involved posting a fraudulent fundraising address on Centrifuge's compromised Twitter account. The address was presented as part of an AI project token, luring followers into thinking they were contributing to a legitimate cause. This scam address eventually held 93.57 SOL.
AI Pool Investment Scam: In another attempt to deceive users, a tweet about a fake "AI pool" was shared, claiming that there were 48 hours left to participate with as little as 1 Solana. This was designed to encourage users to invest in the scam token $YUMI, which was linked to the fraudulent activities.
Phishing for Solana (SOL): A victim transferred 209.22 Solana into the scammer's wallet, highlighting that the attacker was directly targeting Solana holders by tricking them into sending funds to the fraudulent address. This type of scam is a classic example of a "phishing" attempt, where users are manipulated into sending cryptocurrency to an illegitimate wallet.
Losses appear to be significant; however, no tally covering all wallets could be located.
Centrifuge reports that they quickly partnered with security experts, alerted the community, and attempted recovery through Twitter's standard process. They escalated the issue with Twitter, regaining control by January 6th. Immediate security measures were implemented, such as resetting credentials and 2FA settings.
By January 6th, the account was secured, and Centrifuge implemented immediate security measures, including resetting credentials and 2FA, to prevent future breaches. Additionally, Centrifuge took further steps to enhance security, such as requiring hardware-based security keys for critical services and providing their team with enhanced training to detect phishing attacks. The compromised funds from the scam address were not mentioned as recovered, but the security of the account was restored, and the team emphasized their commitment to preventing similar incidents in the future.
Centrifuge, a platform for tokenizing real-world assets (RWAs) within decentralized finance (DeFi), was compromised when its official Twitter account was hacked on January 3rd. The attacker used a replica of Twitter’s login page to steal login credentials and bypass 2FA, gaining full access to the account. They posted fraudulent links, including a fake fundraising address disguised as an AI project token, which led to the theft of 93.57 SOL. The fraudster also promoted an "AI pool" investment scam and targeted Solana holders. Centrifuge acted quickly by partnering with security experts, alerting the community, and working with Twitter to regain control by January 6th. After securing the account, the platform implemented additional security measures, such as hardware security keys and enhanced training to prevent future breaches.
Centrifuge's official X account was hacked and is posting false information; beware of the risk_News Flash-odaily (Feb 6)
Centrifuge | The Platform for Onchain Finance (Feb 6)
@centrifuge Twitter (Feb 6)
@CoinRank_io Twitter (Feb 6)
@jeffery__stuart Twitter (Feb 6)
@Gbbigbuy Twitter (Feb 6)
cryptalihan - "Wallets connected to drainer, don't know if it helps" - Twitter/X (Feb 6)
