OpenAI’s Press Account Hacked for Phishing Scam with OPENAI Token

OpenAI, a leading artificial intelligence research lab, fell victim to a phishing scam orchestrated by crypto scammers who hacked into the organization’s press account. The incident, which occurred on September 23, 2024, saw the scammers post phishing links targeting OpenAI users, promising access to a token called “OPENAI” that purportedly bridged the gap between blockchain and AI.

Despite the posts being swiftly deleted, the attackers managed to hijack OpenAI’s official press account, marking the fourth such breach in the past 15 months. The scammers disabled comments on the malicious posts to prevent users from warning others about the hack, adding a message stating, “Comments turned off due to malicious links. Good luck all!”

One user reported that the fake website created by the scammers closely mimicked OpenAI’s branding, making it appear legitimate at first glance. However, upon clicking the OpenAI logo, visitors were prompted to connect their wallets, leading to a fraudulent transaction that granted the attackers control over the user’s assets.

This type of phishing attack, known as “approval phishing,” has resulted in over $2.7 billion in losses since 2021, according to Chainalysis. Unfortunately, OpenAI executives have been targeted in similar attacks in the past, with researcher Jason Wei and Chief Scientist Jakub Pachocki falling victim to the same scheme. Last year, OpenAI’s CTO Mira Murati also experienced a breach in June 2023.

The incident involving OpenAI is not an isolated case, as other cryptocurrency projects have also been targeted by scammers promoting fake airdrops to deceive users into connecting their wallets and approving malicious transactions. Decentraland, a virtual reality-focused project, recently faced a similar fate, underscoring the prevalence of such attacks in the crypto space.

While the attacks on OpenAI and other projects share similarities, it remains unclear whether the same group of attackers is behind them. As the crypto industry continues to grapple with security challenges, users are advised to exercise caution and verify the authenticity of websites and communications before sharing sensitive information or connecting their wallets.