The X account of the fifth-largest Ethereum DApp, Rocket Pool, has been hacked by bad actors urging users to transfer their funds because of a smart contract exploit.
Users on X (formerly Twitter) are reporting that warnings about the hacking of the Rocket Pool protocol are themselves the work of hackers.
Six warnings appeared on the Rocket Pool X account, beginning at 6:30 pm UTC. The posts were removed at 7:05 pm UTC but began to appear again minutes later.
“A vulnerability has been found in our smart contracts that is being exploited by bad actors. During this time, we cannot guarantee the safety of any assets tied to our smart contracts. Please migrate your assets below to remain safe,” users read on Rocket Pool’s X account. That message alternated with similar messages such as:
“Bad actors are performing fake deposit attacks. Migrate to the new contract below to ensure your assets are safe.”
Other inappropriate messages have reportedly appeared on the account as well.
What on earth is going on with @Rocket_Pool ? They just posted a racist tweet and delete it 💀
— The C Man (@TheCMan10) January 17, 2024
Meanwhile, Rocket Pool was warning readers on other social media not to respond to the messages.
Those warnings were quickly picked up and redistributed to X, which was soon flooded with them.
🚨Rocket Pool is compromised. The link goes to a drainer.
— Webacy – Safety Never Sleeps (@mywebacy) January 17, 2024
Rocket Pool is listed as the fifth-largest Ethereum decentralized application (DApp) by DefiLlama, with $2.9 billion in total value locked. It launched its mainnet in November 2021.
— BraveNewDeFi.lens 🐢 nexusmutant.eth (@BraveDeFi) January 17, 2024
X hacking gained the attention of the X crypto community in a big way on Jan. 9, when the United States Securities and Exchange Commission (SEC) account was hacked and the approval of spot Bitcoin exchange-traded fund applicants was announced prematurely.
🚨🚨🚨 Rocket Pool twitter compromised. Do not click any links.
The account that is compromised is @Rocket_Pool
— Naruto11.eth (@naruto11eth) January 17, 2024
At the time of writing, suspicious messages remain on the Rocket Pool X page.