Rocket Pool X account hacked, falsely reporting smart contract hack

The X account of the fifth-largest Ethereum DApp has been taken over by bad actors urging users to transfer their funds because of bad actors.

Users on X (formerly Twitter) are reporting that warnings about the hacking of the Rocket Pool protocol are themselves the work of hackers. Six warnings appeared on the Rocket Pool X account, beginning at 6:30 pm UTC. The posts were removed at 7:05 pm UTC but began to appear again minutes later.

“A vulnerability has been found in our smart contracts that is being exploited by bad actors. During this time, we cannot guarantee the safety of any assets tied to our smart contracts. Please migrate your assets below to remain safe,” users read on Rocket Pool’s X account. That message alternated with similar messages such as:

 “Bad actors are performing fake deposit attacks. Migrate to the new contract below to ensure your assets are safe.”

Other inappropriate messages have reportedly appeared on the account as well.

Meanwhile, Rocket Pool was warning readers on other social media not to respond to the messages. Those warnings were quickly picked up and redistributed to X, which was soon flooded with them.

Rocket Pool is compromised. The link goes to a drainer.

Do not migrate your assets. If you need to revoke you can revoke using your Webacy Dashboard.https://t.co/aXHZaQQ2Jq pic.twitter.com/5a1fTQv9qK

— Webacy – Safety Never Sleeps (@mywebacy) January 17, 2024

Rocket Pool is listed as the fifth-largest Ethereum decentralized application (DApp) by DefiLlama, with $2.9 billion in total value locked. It launched its mainnet in November 2021.

DO NOT CLICK ANY LINKS FROM THIS ACCOUNT! The Rocket Pool Twitter has been compromised
This is a scam https://t.co/yyeSAKCWai pic.twitter.com/t2zU81clfD

— BraveNewDeFi.lens nexusmutant.eth (@BraveDeFi) January 17, 2024

Related: Lido, Rocket Pool team members argue over decentralization

X hacking gained the attention of the X crypto community in a big way on Jan. 9, when the United States Securities and Exchange Commission (SEC) account was hacked and the approval of spot Bitcoin exchange-traded fund applicants was announced prematurely.

pic.twitter.com/VkzNdFv0ZP

— Smacaud (@Smacaud1) January 17, 2024

At the time of writing, suspicious messages remain on the Rocket Pool X page.