KEY POINTS

  • Hackers replaced the website URL of Gate.io on its official Twitter account
  • The said URL pointed to a fake site emulating the cryptocurrency exchange platform
  • As of 8:30 a.m. ET Sunday, Gate.io regained control of the compromised account

Hackers took over the official Twitter account of one of the world's biggest cryptocurrency exchange platforms, Gate.io, over the weekend, putting more than 1 million users at risk of losing funds via a phishing scam disguised as a Tether (USDT) giveaway.

Aside from hacking the official Twitter account of Gate.io, malicious actors also changed the website URL of the CEX on the page from Gate.io to gąte.com or https://xn--gte-ipa.com/, a fraudulent website emulating the cryptocurrency exchange platform.

The official Twitter account of PeckShield, a leading blockchain security company, was the first to get the wind of the situation and reported it on the microblogging site on Oct. 22.

"Seems like crypto-exchange Gate[.]io's verified Twitter account @gate_io was compromised & has been used to share links to fraudulent $USDT GIVEAWAY. gąte[.]com is the phishing site," the account tweeted alongside a couple of screenshots showing the changed website and the warning that the URL pointed to a phishing site.

The said site promoted a fake giveaway of 500,000 USDT, asking users to link their crypto wallets to claim their fake rewards. Once users connected their wallets, malicious actors then sent a request for the users to sign. Signing it meat giving them access to the funds.

Launched in 2013, Gate.io is one of the largest centralized cryptocurrency exchange platforms in the world. The platform has more than 1,400 crypto, more than 2,500 trading pairs and more than $12 billion in daily trading volume. It also supports margin and spot trading.

Gate.io released a statement confirming the incident on the same day the attack was discovered. It also announced the suspension of the Twitter account. The team then advised users to "NOT engage with any content on Gate.io's Twitter account:@gate.io."

As of 8:30 a.m. ET Sunday, Gate.io regained control of the compromised account. The team also fixed the website URL and removed the phishing site. However, it is unclear if anyone fell prey to the scam.

Gate.io also reminded its users to be more vigilant when signing in. "Security Notice: Please make sure the login link is our official website link before entering. To verify the link, please visit the official verification channel: https://www.gate.io/officialverify," it said in the statement.

The mid-July hack of celebrity Twitter accounts sought to get people to send Bitcoin with a promise of doubling their money
The mid-July hack of celebrity Twitter accounts sought to get people to send Bitcoin with a promise of doubling their money AFP / INA FASSBENDER