Arthur Madrid, co-founder and CEO of metaverse project The Sandbox, was the victim of a Twitter account hack on May 26, according to a post from Madrid that was apparently made after he recovered the account. The attacker allegedly used Madrid’s account to promote a fake “airdrop” phishing scam.
In Madrid’s post, he warned Sandbox users that they should “never click on any link that promote Airdrop or URL and look SCAMMY – and not 100% using our proper and unique URL/domain name : http://sandbox.game.”
My Twitter was hacked today. and now is back. Please never click on any link that promote Airdrop or URL and look SCAMMY – and not 100% using our proper and unique URL/domain name : https://t.co/X3rXN9z8z7
— Arthur Madrid (@arthurmadrid) May 26, 2023
Four hours before Madrid’s post, The Sandbox’s official Twitter account also warned that a scammer had taken control of the account and was promoting “a scam / phishing link for a fake airdrop of SAND tokens.”
The post included a screenshot of the alleged scam post, which advertised a SAND token airdrop and encouraged users to “check eligibility and claim on the site,” referring users to a website with a different URL than the official one.
The Sandbox team stated that they were “working on getting the site down and fix it ASAP.”
?? Our CEO & Co-Founder Arthur Madrid’s Twitter account has been hacked ??
The hacker is posting a scam / phishing link for a fake airdrop of SAND tokens.
??Do NOT click on the link and instead report the post so it is blocked.
We’re working on getting the site down and fix… pic.twitter.com/sOqzAV5OUT
— The Sandbox (@TheSandboxGame) May 26, 2023
As of 8:26 pm UTC, the alleged scam site appears to have been taken down, as it now produces a 404 error.
Phishing attacks have become a frequent problem in the crypto community. On May 19, a scam-as-a-service called “Inferno Drainer” was reportedly discovered to be operating on Telegram, recruiting website builders to create hundreds of these phishing scam sites. By the time it was discovered, it had reportedly stolen nearly $6 million from users.
On April 15, cybersecurity firm Kaspersky reported that these types of attacks increased by 40% in 2022 compared to the previous year.