CZ took to Twitter on July 21 to warn his readers about phishing and other social engineering scams. He also recommended that cryptocurrency exchange users rely on hardware devices for two-factor authentication (2FA) rather than, for example, mobile carrier-based 2FA.
“Best to enable 2FA with a hardware device (Yubikey) on all crypto exchanges,” the Binance CEO wrote.
Zhao’s warning came shortly after Uniswap founder Hayden Adams had his Twitter account compromised on July 20. After taking over Adams’ account, the attacker attempted to scam his followers through a malicious link posted on his page. Members of Crypto Twitter quickly identified and warned others against the scam.
Adams subsequently restored access to his account in a matter of hours. He also promised to follow up with updates when ready.
The number of social engineering attacks in the cryptocurrency industry has been rising.
In early July, LayerZero CEO Bryan Pellegrino became a victim of a SIM swap attack, which allowed hackers to briefly take over his Twitter. The executive suggested that the attackers used his speaker badge at the Collision conference, which he happened to put in the trash.
Blockchain security experts say the trend of social engineering hacks like SIM swap attacks could continue gaining steam in the near future.
According to SlowMist chief information security officer “23pds,” SIM swapping also doesn’t require high-level technical skills. After Uniswap’s Adams reported he was back on Twitter, 23pds also referred to Cointelegraph’s recent coverage of SIM swap hacks.
“I was just doing an interview last week about the current state of sim swap hijacking, and I didn’t realize there were several attacks so soon,” he wrote. In the article, 23pds and other cybersecurity experts offered some methods to prevent social engineering hacks like phishing as well.
— 23pds (@IM_23pds) July 21, 2023
One core protection measure recommended against SIM swap hacks is restricting the use of SIM card-based methods for 2FA verification. Instead, using apps like Google Authenticator or Authy is more secure.