Newspaper Twitter account hacked to promote Goblintown phishing scam


A Twitter hacker has compromised the account of EL Universal, a Latin American newspaper, to promote a fraudulent goblintown.wtf giveaway, an Ethereum-based non-fungible token (NFT) project, on-chain analyst @NFTherder unveiled.

The attacker changed El Universal’s Twitter name to goblintown.wtf, but left the username, @ElUniversal, intact. Additionally, the malicious actor linked a phishing URL to the account, hoping to steal from unwitting goblintown.wtf holders. The URL swaps the N in town with M.

According to @NFTherder, the attacker took control of El Universal’s account – which has 5.1 million followers – on June 4. Since then, the hacker has posted fraudulent tweets, promising to airdrop an additional 10,000 Goblins.

The goblintown.wtf collection has 9,999 NFTs, with the cheapest going for 5 Ethereum (ETH).

While the extent of the attack remains unknown, a Twitter user going by @topshotkief.eth claims to have lost 10 NFTs to the scam. Specifically, the user alleges that the attacker stole two Mutant Ape Yacht Club (MAYC) pieces and eight Cool Cats.

@NFTherder further revealed:

Of course the Goblintowm scam does ApprovalForAll to steal the assets of those that approve. It also seems the wallet responsible for @ElUniversal twitter account hack previously pulled off an Azuki Beanz scam.

After in-depth analysis, the analyst found that the address behind the goblintowm scam and the Azuki Beanz attack is the same.

Attackers continue targeting projects making headlines

This news comes after goblintown.wtf launched on May 22 and quickly rose to the top of NFT charts. Despite being less than a month old, the project has recorded a trading volume exceeding $70 million, according to data from Cryptoslam. Goblintown.wtf’s success comes as flagship NFTs collections like CryptoPunks, BAYC, Meebits, and Mutant Ape continue declining.

Goblintown NFTs on sale in OpenSea

The goblintown.wtf scam comes as bad actors continue attacking the NFT space. Earlier this month, an attacker compromised the Discord server of Yuga Labs’ Bored Ape Yacht Club (BAYC) project and stole approximately $355,000 worth of NFTs.

Before this, an exploit on BAYC’s Instagram account resulted in the theft of at least 54 NFTs. This hack came a few days ahead of Yuga Labs’ overhyped metaverse launch.

In May, renowned digital artist Mike Winkelmann – professionally known as Beeple – had his Twitter account hacked. This attack came after Beeple partnered with fashion giant Louis Vuitton to create 30 NFTs.



Share your love