Crypto scammers took over OpenAI’s press account to post phishing links that targeted OpenAI users.
While the posts have now been deleted, crypto scammers managed to hijack OpenAI’s official press account on X on Sept. 23 to promote a suspected phishing link. The ChatGPT developer has yet to acknowledge the breach.
Those behind the hack promoted a token called “OPENAI,” claiming it would bridge the gap between blockchain and AI.
The posts falsely promised that users could claim a portion of the token’s supply, allowing them access to the platform’s future beta programs and enticing them to click a phishing link that led to a flagged website.
To lend an air of legitimacy and prevent eagle-eyed users from warning others about the hack, the attackers disabled comments on the malicious posts, adding the message: “Comments turned off due to malicious links. Good luck all!”
One user on X claimed the fake website was designed to mimic the OpenAI branding and looked legitimate at first glance. However, when clicking the OpenAI logo, a prompt would ask visitors to connect their wallets.
When users connect their wallets to a malicious platform like this, they are tricked into signing a fraudulent transaction. This transaction often appears legitimate but actually grants the attacker control over the user’s assets, enabling them to drain all funds stored in the compromised wallet.
Called ‘approval phishing,’ these attacks have led to over $2.7 billion in losses since 2021, according to Chainalysis.
Unfortunately, similar attacks have targeted OpenAI execs on multiple occasions.
Most recently, OpenAI researcher Jason Wei’s account was hacked to promote the same phishing scheme, with the attackers previously targeting OpenAI’s Chief Scientist, Jakub Pachocki. Last year, OpenAI CTO Mira Murati also faced a similar breach in June 2023.
As reported by crypto.news, virtual reality-focused project Decentraland also suffered the same fate last week, with scammers promoting a fake airdrop of its native token to mislead users into connecting their wallets and approving a malicious transaction.
While all the aforementioned attacks share similarities, it is unknown if the same group of attackers is behind them.