Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/centrifuge$yumiaitokentwitterxcompromise.php}} {{Unattributed Sources}} Centrifuge Logo/HomepageCentrifuge, a platform for tokenizing real-world assets (RWAs) within decentralized finance (DeFi), was compromised when its official Twitter account was hacked on January 3rd. The attacker used a replica of Twitter’s login page to steal login credentials and..."

2025-02-06T22:13:57Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/centrifuge$yumiaitokentwitterxcompromise.php}} {{Unattributed Sources}} thumb|Centrifuge Logo/HomepageCentrifuge, a platform for tokenizing real-world assets (RWAs) within decentralized finance (DeFi), was compromised when its official Twitter account was hacked on January 3rd. The attacker used a replica of Twitter’s login page to steal login credentials and..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/centrifuge$yumiaitokentwitterxcompromise.php}}
{{Unattributed Sources}}

[[File:Centrifugeio.jpg|thumb|Centrifuge Logo/Homepage]]Centrifuge, a platform for tokenizing real-world assets (RWAs) within decentralized finance (DeFi), was compromised when its official Twitter account was hacked on January 3rd. The attacker used a replica of Twitter’s login page to steal login credentials and bypass 2FA, gaining full access to the account. They posted fraudulent links, including a fake fundraising address disguised as an AI project token, which led to the theft of 93.57 SOL. The fraudster also promoted an "AI pool" investment scam and targeted Solana holders. Centrifuge acted quickly by partnering with security experts, alerting the community, and working with Twitter to regain control by January 6th. After securing the account, the platform implemented additional security measures, such as hardware security keys and enhanced training to prevent future breaches.<ref name="odailynews-17872" /><ref name="centrifuge-17873" /><ref name="centrifugetwitter-17874" /><ref name="coinrankiotwitter-17875" /><ref name="jefferystuarttwitter-17876" /><ref name="gbbigbuytwitter-17877" /><ref name="cryptalihanwallets-17878" />

== About Centrifuge ==
Centrifuge and Plume Network have partnered to drive next-generation innovation in tokenized real-world assets (RWAs) within decentralized finance (DeFi). Centrifuge's platform provides the infrastructure for tokenizing a wide range of assets, enabling seamless management of funds and access to real-time on-chain data. With over $675 million in assets financed and more than 1,600 assets tokenized, Centrifuge supports asset managers and investors by offering a transparent, scalable, and flexible environment for RWA investments. The platform is designed to enhance efficiency while providing full transparency of asset performance and transactions.

The partnership with Plume Network aims to further revolutionize the DeFi ecosystem by integrating real-world assets into decentralized finance protocols, creating new opportunities for liquidity and institutional adoption. Centrifuge’s commitment to this innovative market is demonstrated through its strategic collaborations with key industry players, such as Aave, BlockTower, MakerDAO, and others. These partnerships help unlock the potential of tokenized RWAs, enhancing the stability of DeFi ecosystems and paving the way for broader institutional participation in blockchain-based finance. Centrifuge is now positioned as a leader in real-world asset tokenization, focused on accelerating DeFi's evolution by providing essential tools and expertise to the sector.

== The Reality ==
It would appear that the team managing the Centrifuge Twitter/X account was not trained in understanding phishing attacks.

== What Happened ==
"The official X account of the RWA lending protocol Centrifuge was compromised, and fake information was posted."
{| class="wikitable"
|+Key Event Timeline - Centrifuge $YUMI AI Token Twitter/X Compromise
!Date
!Event
!Description
|-
|January 4th, 2025 8:45:00 PM MST
|Jeffrey Stuart Bullish On Hack
|According to one trader, "hacking corporate crypto accounts with anime waifus is the meta we need" and "thats why its bullish dummy".
|-
|January 4th, 2025 10:39:00 PM MST
|CoinRank News Posted
|CoinRank posts an announcement that on January 5, the official Twitter account of the RWA lending protocol Centrifuge was hacked. The hacker posted a fundraising address disguised as an AI project token, which currently holds 93.57 SOL. Users are warned not to interact with the compromised account and are urged to remain vigilant to protect their assets.
|-
|January 5th, 2025 2:57:00 AM MST
|@0x4Graham Warning Tweet
|"The @centrifuge account has been hacked. We've been emailing you for 2 days now, but to no avail. Please, if anything just suspend the account so the HACKERS cannot post anymore scams."
|-
|January 5th, 2025 7:09:00 AM MST
|YUMI AI Pool Post
|A reported tweet shares that there are 48 hours left to get in on the AI pool, with as little as 1 Solana invested.
|-
|January 5th, 2025 8:01:54 AM MST
|Victim Sending Funds Transaction
|One of the largest transactions, transfering 209.22 Solana into a fraudster's wallet.
|-
|January 5th, 2025
|Odaily Planet Daily Report
|Odaily Planet Daily reports that the official X account of the RWA lending protocol Centrifuge was hacked and false information was posted. Users are advised to remain vigilant and be cautious of risks.
|-
|January 5th, 2025 7:19:00 PM MST
|Whales Still Holding/Trading
|Apparently there are still 25 whales holding and trading the $YUMI token, despite Centrifugre reportedly confirming that their Twitter account was hacked.
|-
|January 6th, 2025 1:47:00 PM MST
|Post About Regained Access
|The Centrifuge team posts on Twitter/X to announce that they have successfully recovered access to the account after it was hacked on January 3rd. The attacker reportedly used a replica of Twitter's website to steal login details and bypass 2FA, allowing them to post malicious links. In response, Centrifuge partnered with security experts, alerted the community, and worked with Twitter to regain control by January 6th. Following the recovery, the team implemented enhanced security measures, including new 2FA settings, credential resets, and mandatory hardware security keys for critical services to prevent future attacks. They thank the community for their vigilance.
|-
|January 7th, 2025 3:24:00 AM MST
|Pandaly List Inclusion
|The incident is included in a list of recent hack/scam events compiled by Pandaly.
|-
|January 7th, 2025 10:08:00 AM MST
|Public Call Live Now
|The Centrifuge team are reportedly having a public call.
|}

== Technical Details ==
Fraudsters exploited Centrifuge's official Twitter account by creating a replica of the Twitter login page to steal sensitive information. On January 3rd, the attacker tricked the account’s followers into providing their account ID, password, and a one-time password generated by the two-factor authentication (2FA) system. This allowed the hacker to gain full access to the account, which enabled them to log out all active sessions, modify the 2FA settings, and prevent account recovery through standard methods.

With control of the account, the fraudster set up a mobile passkey to bypass any password reset attempts, effectively locking out legitimate account holders from regaining control. The attacker then used the compromised account to post malicious links, promoting a scam token. These posts misled followers into engaging with a fake fundraising address disguised as part of an AI project token, encouraging them to send funds to the scam address. This address was later found to hold 93.57 SOL, which represents the amount stolen through the fraud. These actions exploited the trust of Centrifuge’s community and put their assets at risk, underlining the need for swift intervention and enhanced security measures to prevent similar attacks in the future.

Some of the schemes launched by fraudsters included:

Fake Fundraising Address (Disguised as an AI Project Token): The primary scam involved posting a fraudulent fundraising address on Centrifuge's compromised Twitter account. The address was presented as part of an AI project token, luring followers into thinking they were contributing to a legitimate cause. This scam address eventually held 93.57 SOL.

AI Pool Investment Scam: In another attempt to deceive users, a tweet about a fake "AI pool" was shared, claiming that there were 48 hours left to participate with as little as 1 Solana. This was designed to encourage users to invest in the scam token $YUMI, which was linked to the fraudulent activities.

Phishing for Solana (SOL): A victim transferred 209.22 Solana into the scammer's wallet, highlighting that the attacker was directly targeting Solana holders by tricking them into sending funds to the fraudulent address. This type of scam is a classic example of a "phishing" attempt, where users are manipulated into sending cryptocurrency to an illegitimate wallet.

== Total Amount Lost ==
Losses appear to be significant, however there is no tally of all wallets which could be located.

The total amount lost is unknown.

== Immediate Reactions ==
Centrifuge reports that they quickly partnered with security experts, alerted the community, and attempted recovery through Twitter's standard process. They escalated the issue with Twitter, regaining control by January 6th. Immediate security measures were implemented, such as resetting credentials and 2FA settings.

== Ultimate Outcome ==
By January 6th, the account was secured, and Centrifuge implemented immediate security measures, including resetting credentials and 2FA, to prevent future breaches. Additionally, Centrifuge took further steps to enhance security, such as requiring hardware-based security keys for critical services and providing their team with enhanced training to detect phishing attacks. The compromised funds from the scam address were not mentioned as recovered, but the security of the account was restored, and the team emphasized their commitment to preventing similar incidents in the future.

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="odailynews-17872">[https://www.odaily.news/newsflash/411298 Centrifuge官方X账户被盗并发布虚假信息，请当心风险_快讯-odaily] (Accessed Feb 6, 2025)</ref>

<ref name="centrifuge-17873">[https://centrifuge.io/ Centrifuge | The Platform for Onchain Finance] (Accessed Feb 6, 2025)</ref>

<ref name="centrifugetwitter-17874">[https://twitter.com/centrifuge/status/1876370075403317725 @centrifuge Twitter] (Accessed Feb 6, 2025)</ref>

<ref name="coinrankiotwitter-17875">[https://twitter.com/CoinRank_io/status/1875779227242602979 @CoinRank_io Twitter] (Accessed Feb 6, 2025)</ref>

<ref name="jefferystuarttwitter-17876">[https://twitter.com/jeffery__stuart/status/1875750565940166954 @jeffery__stuart Twitter] (Accessed Feb 6, 2025)</ref>

<ref name="gbbigbuytwitter-17877">[https://twitter.com/Gbbigbuy/status/1876677246393659491 @Gbbigbuy Twitter] (Accessed Feb 6, 2025)</ref>

<ref name="cryptalihanwallets-17878">[https://twitter.com/cryptalihan/status/1875869848133369874 cryptalihan - "Wallets connected to draine dont know if it helps" - Twitter/X] (Accessed Feb 6, 2025)</ref></references>

Centrifuge $YUMI AI Token Twitter/X Compromise - Revision history