Centrifuge $YUMI AI Token Twitter/X Compromise

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 16:13, 6 February 2025 by Azoundria

Centrifuge Logo/Homepage

Centrifuge, a platform for tokenizing real-world assets (RWAs) within decentralized finance (DeFi), was compromised when its official Twitter account was hacked on January 3rd. The attacker used a replica of Twitter’s login page to steal login credentials and bypass 2FA, gaining full access to the account. They posted fraudulent links, including a fake fundraising address disguised as an AI project token, which led to the theft of 93.57 SOL. The fraudster also promoted an "AI pool" investment scam and targeted Solana holders. Centrifuge acted quickly by partnering with security experts, alerting the community, and working with Twitter to regain control by January 6th. After securing the account, the platform implemented additional security measures, such as hardware security keys and enhanced training to prevent future breaches.[1][2][3][4][5][6][7]

About Centrifuge

Centrifuge and Plume Network have partnered to drive next-generation innovation in tokenized real-world assets (RWAs) within decentralized finance (DeFi). Centrifuge's platform provides the infrastructure for tokenizing a wide range of assets, enabling seamless management of funds and access to real-time on-chain data. With over $675 million in assets financed and more than 1,600 assets tokenized, Centrifuge supports asset managers and investors by offering a transparent, scalable, and flexible environment for RWA investments. The platform is designed to enhance efficiency while providing full transparency of asset performance and transactions.

The partnership with Plume Network aims to further revolutionize the DeFi ecosystem by integrating real-world assets into decentralized finance protocols, creating new opportunities for liquidity and institutional adoption. Centrifuge’s commitment to this innovative market is demonstrated through its strategic collaborations with key industry players, such as Aave, BlockTower, MakerDAO, and others. These partnerships help unlock the potential of tokenized RWAs, enhancing the stability of DeFi ecosystems and paving the way for broader institutional participation in blockchain-based finance. Centrifuge is now positioned as a leader in real-world asset tokenization, focused on accelerating DeFi's evolution by providing essential tools and expertise to the sector.

The Reality

It would appear that the team managing the Centrifuge Twitter/X account had not been trained to recognize phishing attacks.

What Happened

"The official X account of the RWA lending protocol Centrifuge was compromised, and fake information was posted."

Key Event Timeline - Centrifuge $YUMI AI Token Twitter/X Compromise

Date | Event | Description
January 4th, 2025 8:45:00 PM MST | Jeffrey Stuart Bullish On Hack | According to one trader, "hacking corporate crypto accounts with anime waifus is the meta we need" and "thats why its bullish dummy".
January 4th, 2025 10:39:00 PM MST | CoinRank News Posted | CoinRank posts an announcement that on January 5, the official Twitter account of the RWA lending protocol Centrifuge was hacked. The hacker posted a fundraising address disguised as an AI project token, which currently holds 93.57 SOL. Users are warned not to interact with the compromised account and are urged to remain vigilant to protect their assets.
January 5th, 2025 2:57:00 AM MST | @0x4Graham Warning Tweet | "The @centrifuge account has been hacked. We've been emailing you for 2 days now, but to no avail. Please, if anything just suspend the account so the HACKERS cannot post anymore scams."
January 5th, 2025 7:09:00 AM MST | YUMI AI Pool Post | A reported tweet shares that there are 48 hours left to get in on the AI pool, with as little as 1 Solana invested.
January 5th, 2025 8:01:54 AM MST | Victim Sending Funds Transaction | One of the largest transactions, transferring 209.22 Solana into a fraudster's wallet.
January 5th, 2025 | Odaily Planet Daily Report | Odaily Planet Daily reports that the official X account of the RWA lending protocol Centrifuge was hacked and false information was posted. Users are advised to remain vigilant and be cautious of risks.
January 5th, 2025 7:19:00 PM MST | Whales Still Holding/Trading | Apparently there are still 25 whales holding and trading the $YUMI token, despite Centrifuge reportedly confirming that their Twitter account was hacked.
January 6th, 2025 1:47:00 PM MST | Post About Regained Access | The Centrifuge team posts on Twitter/X to announce that they have successfully recovered access to the account after it was hacked on January 3rd. The attacker reportedly used a replica of Twitter's website to steal login details and bypass 2FA, allowing them to post malicious links. In response, Centrifuge partnered with security experts, alerted the community, and worked with Twitter to regain control by January 6th. Following the recovery, the team implemented enhanced security measures, including new 2FA settings, credential resets, and mandatory hardware security keys for critical services to prevent future attacks. They thank the community for their vigilance.
January 7th, 2025 3:24:00 AM MST | Pandaly List Inclusion | The incident is included in a list of recent hack/scam events compiled by Pandaly.
January 7th, 2025 10:08:00 AM MST | Public Call Live Now | The Centrifuge team are reportedly holding a public call.

Technical Details

Fraudsters exploited Centrifuge's official Twitter account by creating a replica of the Twitter login page to steal sensitive information. On January 3rd, the attacker tricked the account’s followers into providing their account ID, password, and a one-time password generated by the two-factor authentication (2FA) system. This allowed the hacker to gain full access to the account, which enabled them to log out all active sessions, modify the 2FA settings, and prevent account recovery through standard methods.

With control of the account, the fraudster set up a mobile passkey to bypass any password reset attempts, effectively locking out legitimate account holders from regaining control. The attacker then used the compromised account to post malicious links, promoting a scam token. These posts misled followers into engaging with a fake fundraising address disguised as part of an AI project token, encouraging them to send funds to the scam address. This address was later found to hold 93.57 SOL, which represents the amount stolen through the fraud. These actions exploited the trust of Centrifuge’s community and put their assets at risk, underlining the need for swift intervention and enhanced security measures to prevent similar attacks in the future.

Some of the schemes launched by fraudsters included:

Fake Fundraising Address (Disguised as an AI Project Token): The primary scam involved posting a fraudulent fundraising address on Centrifuge's compromised Twitter account. The address was presented as part of an AI project token, luring followers into thinking they were contributing to a legitimate cause. This scam address eventually held 93.57 SOL.

AI Pool Investment Scam: In another attempt to deceive users, a tweet about a fake "AI pool" was shared, claiming that there were 48 hours left to participate with as little as 1 Solana. This was designed to encourage users to invest in the scam token $YUMI, which was linked to the fraudulent activities.

Phishing for Solana (SOL): A victim transferred 209.22 Solana into the scammer's wallet, highlighting that the attacker was directly targeting Solana holders by tricking them into sending funds to the fraudulent address. This type of scam is a classic example of a "phishing" attempt, where users are manipulated into sending cryptocurrency to an illegitimate wallet.
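As an added example (not code from the case study or from Centrifuge), the following Python models the two login designs that this section and the outcome section contrast: a password plus a TOTP code, which a replica login page can collect and forward to the real site within the code's validity window, and an origin-bound credential in the style of the hardware security keys Centrifuge later mandated, where the browser stamps the true origin of the page into the signed data so that a forwarded assertion is rejected. The origins twitter.example and twitter-login.example, the keys, the seeds and the passwords are constructed for the example, and an HMAC key stands in for the authenticator's key pair.

```python
import hashlib
import hmac
import json
import secrets
import struct


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme most authenticator apps use."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class TotpService:
    """Password + TOTP login. The service sees only a code and a timestamp; it
    cannot tell whether the user typed the code into the real site or into a
    replica page that forwarded it."""

    def __init__(self, password: str, totp_secret: bytes):
        self.password = password
        self.totp_secret = totp_secret

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(password, self.password):
            return False
        # Typical deployments accept the current 30 s step and one step either side.
        return any(
            hmac.compare_digest(code, totp(self.totp_secret, now + drift))
            for drift in (-30, 0, 30)
        )


REAL_ORIGIN = "https://twitter.example"           # constructed stand-in for the real site
REPLICA_ORIGIN = "https://twitter-login.example"  # constructed stand-in for the replica page


class Authenticator:
    """Simplified WebAuthn-style authenticator. The browser, not the user, fills
    in the origin that actually served the login page, and that origin is
    covered by the signature. An HMAC key stands in for a real key pair."""

    def __init__(self, key: bytes):
        self.key = key

    def sign(self, challenge: str, page_origin: str) -> tuple[str, str]:
        client_data = json.dumps({"challenge": challenge, "origin": page_origin}, sort_keys=True)
        sig = hmac.new(self.key, client_data.encode(), hashlib.sha256).hexdigest()
        return client_data, sig


class OriginBoundService:
    """Relying party: checks the signature, the challenge, and that the signed
    origin is its own. Forwarding a valid assertion from elsewhere fails."""

    def __init__(self, key: bytes):
        self.key = key  # in real WebAuthn this is the registered public key
        self.pending: set[str] = set()

    def challenge(self) -> str:
        c = secrets.token_hex(16)
        self.pending.add(c)
        return c

    def login(self, client_data: str, sig: str) -> bool:
        expected = hmac.new(self.key, client_data.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # tampering with client_data (e.g. the origin) breaks this
        data = json.loads(client_data)
        if data.get("challenge") not in self.pending:
            return False  # unknown or already-used challenge
        self.pending.discard(data["challenge"])
        return data.get("origin") == REAL_ORIGIN


def totp_relay_outcome(now: int = 1_736_000_000) -> bool:
    """Victim types password + current code into the replica page, which forwards
    both to the real service a few seconds later. Returns whether the real
    service accepted the forwarded login (it does: nothing distinguishes it)."""
    seed = b"constructed-totp-seed"
    svc = TotpService("correct horse", seed)
    victim_code = totp(seed, now)                      # what the victim's app shows
    return svc.login("correct horse", victim_code, now + 5)


def webauthn_relay_outcome() -> tuple[bool, bool]:
    """Same forwarding against an origin-bound credential. Returns
    (accepted_from_replica_page, accepted_from_real_site)."""
    key = b"constructed-authenticator-key"
    auth, svc = Authenticator(key), OriginBoundService(key)

    # The replica obtains a genuine challenge and relays it; the browser on the
    # victim's machine stamps the replica's origin into the signed data.
    c1 = svc.challenge()
    client_data, sig = auth.sign(c1, REPLICA_ORIGIN)
    from_replica = svc.login(client_data, sig)

    c2 = svc.challenge()
    client_data, sig = auth.sign(c2, REAL_ORIGIN)
    from_real = svc.login(client_data, sig)
    return from_replica, from_real


if __name__ == "__main__":
    print("TOTP accepted via replica page:", totp_relay_outcome())
    print("Origin-bound (replica, real):", webauthn_relay_outcome())
```

The check in OriginBoundService.login is the point of the example: it rejects not because it detects the replica page, but because the signed origin is not its own, and no amount of real-time forwarding changes that. TotpService has no equivalent signal, which is why resetting credentials and 2FA settings alone does not remove the risk that the same replica-page technique succeeds again.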

Total Amount Lost

Losses appear to be significant; however, no tally covering all the wallets involved could be located.

The total amount lost is unknown.

Immediate Reactions

Centrifuge reports that they quickly partnered with security experts, alerted the community, and attempted recovery through Twitter's standard process. They escalated the issue with Twitter, regaining control by January 6th. Immediate security measures were implemented, such as resetting credentials and 2FA settings.

Ultimate Outcome

By January 6th, the account was secured, and Centrifuge implemented immediate security measures, including resetting credentials and 2FA, to prevent future breaches. Additionally, Centrifuge took further steps to enhance security, such as requiring hardware-based security keys for critical services and providing their team with enhanced training to detect phishing attacks. The compromised funds from the scam address were not mentioned as recovered, but the security of the account was restored, and the team emphasized their commitment to preventing similar incidents in the future.

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References