Crypto scammers took over OpenAI’s press account to publish phishing hyperlinks that focused OpenAI customers.
Whereas the posts have now been deleted, crypto scammers managed to hijack OpenAI’s official press account on X on Sept. 23 to advertise a suspected phishing hyperlink. The ChatGPT developer has but to acknowledge the breach.
These behind the hack promoted a token referred to as “OPENAI,” claiming it will bridge the hole between blockchain and AI.
The posts falsely promised that customers may declare a portion of the token’s provide, permitting them entry to the platform’s future beta packages and attractive them to click on a phishing hyperlink that led to a flagged web site.
To lend an air of legitimacy and stop eagle-eyed customers from warning others concerning the hack, the attackers disabled feedback on the malicious posts, including the message: “Comments turned off due to malicious links. Good luck all!”
One consumer on X claimed the faux web site was designed to imitate the OpenAI branding and appeared legit at first look. Nonetheless, when clicking the OpenAI brand, a immediate would ask guests to attach their wallets.
When customers join their wallets to a malicious platform like this, they’re tricked into signing a fraudulent transaction. This transaction typically seems legit however truly grants the attacker management over the consumer’s property, enabling them to empty all funds saved within the compromised pockets.
Referred to as ‘approval phishing,’ these assaults have led to over $2.7 billion in losses since 2021, based on Chainalysis.
Sadly, related assaults have focused OpenAI execs on a number of events.
Most not too long ago, OpenAI researcher Jason Wei’s account was hacked to advertise the identical phishing scheme, with the attackers beforehand focusing on OpenAI’s Chief Scientist, Jakub Pachocki. Final 12 months, OpenAI CTO Mira Murati additionally confronted the same breach in June 2023.
As reported by crypto.information, digital reality-focused challenge Decentraland additionally suffered the identical destiny final week, with scammers selling a faux airdrop of its native token to mislead customers into connecting their wallets and approving a malicious transaction.
Whereas all of the aforementioned assaults share similarities, it’s unknown if the identical group of attackers is behind them.
