SimpleX Chat, a privacy-first messaging platform renowned for its commitment to user anonymity and metadata protection, recently announced that its official X (formerly Twitter) account had been compromised. The incident was a coordinated attack that aimed to deceive users into connecting their cryptocurrency wallets to a counterfeit website designed to mimic the SimpleX Chat interface.
The Incident
According to SimpleX, the attackers exploited the “delegate” feature on X, which permits business accounts to assign posting permissions to third-party profiles. An unauthorized delegate was added to the @SimpleXChat account. Shortly after this breach, a tweet promoting a fraudulent initiative called “Perpetuals Early Access” appeared, linking users to a lookalike domain: simplexspot.com.
The scam tweet offered users the enticing opportunity to “become a founding user of the perpetual communication network” while promising “Security & Ownership That Never Expires.” This misleading message was designed to lure unsuspecting users into connecting their wallets via a button labeled “Connect Wallet,” mimicking common Web3 project onramps.
In addition to the fake tweet, over 30 verified X accounts were contacted through direct messages from the compromised @SimpleXChat profile, encouraging them to engage with or amplify the fraudulent message. Accounts belonging to @Netlify and @wellowealth were also hacked and utilized to broaden the scam’s reach.
Wello Wealth has confirmed that their account was breached and subsequently restored. However, Netlify has yet to publicly confirm or deny involvement in the incident.
The Scam Site
Visuals from the counterfeit site reveal a sleek interface strikingly similar to that of SimpleX Chat’s legitimate homepage. It features imagery of a connected globe, glowing network arcs, and familiar fonts. Notably, the “Connect Wallet” button does not exist on the genuine SimpleX Chat platform, which refrains from any crypto-based onboarding or token integration.
The fraudulent page includes branding, color schemes, and layouts consistent with the authentic SimpleX design, underscoring its deceptive appearance. Furthermore, it features misleading references to security audits purportedly conducted in 2022 and 2024, along with links to download various apps, all designed to reinforce its false legitimacy.
SimpleX’s Response
SimpleX’s founder, Evgeny Poberezkin, confirmed the breach and mentioned that the team lost access to two-factor authentication (2FA) during the incident. This hindered their ability to log in and remove the rogue tweet in a timely manner. Although they managed to reset the password, the unauthorized delegate retained access and posted the scam announcement before the team could intervene.
Fortunately, SimpleX has now regained control of its X account and expressed gratitude towards the platform’s support team for their swift action. The misleading tweet remained visible for approximately three hours before being taken down, aided by community members who flagged the scam publicly. Moreover, Poberezkin revealed that during the breach, the attackers obstructed communication from his personal account to limit warnings to the public.
Reports have been filed against the malicious domain with Cloudflare, the domain registrar NiceNIC, and the hosting provider OVHcloud; nonetheless, as of this update, the imposter website remains online.
No Crypto, No Tokens
In light of the attack, SimpleX clarified that it does not plan to introduce cryptocurrency-based services or tradable tokens. While the project may consider using blockchain technology for some infrastructure aspects in the future, none of these would require users to engage with crypto assets.
SimpleX cautioned users to be skeptical of any offers related to token presales, wallet connects, or cryptocurrency incentives unless officially confirmed through proper channels. The messaging platform stressed that it does not partake in short-term hype or time-sensitive campaigns, and that all roadmap updates are transparently communicated in advance to encourage community input.
Additionally, the SimpleX team urged X to enhance security measures surrounding its delegate feature, suggesting tighter controls and improved notifications for delegated access. The ease with which a trusted profile was turned into a tool for malicious use underscores how business account features can be exploited for phishing and financial theft.
What X Users Should Know
For those active on X and involved in the cryptocurrency space, the following security measures are recommended to safeguard your account and assets:
- Never connect wallets to unverified sites.
- Report impersonation sites directly to hosting providers and domain registration services.
- Exercise caution with links from profiles that appear authentic, and do not click them until you have verified them thoroughly.
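The link verification recommended above can be partly automated. The following is an added example, not code from SimpleX or from the original article: it classifies links in a post against an allowlist of official domains and flags hosts that carry the brand name elsewhere, as simplexspot.com does. The allowlisted domain simplex.chat, the function names and the sample post are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: simplex.chat is treated as the official domain (not named in the article).
OFFICIAL_DOMAINS = {"simplex.chat"}
BRAND = "simplex"
# Fold characters commonly swapped in lookalike names into one class each.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "3": "e", "5": "s"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def skeleton(text: str) -> str:
    """Lowercase, drop separators (dots, hyphens) and fold confusable characters."""
    return re.sub(r"[^a-z0-9]", "", text.lower()).translate(CONFUSABLES)


def hostname_of(url: str) -> str:
    """Host part only: userinfo ('official.tld@other.tld') and port are discarded."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' (brand name on a non-official host) or 'unknown'."""
    host = hostname_of(url)
    if not host:
        return "unknown"
    # Exact match or a true subdomain; 'simplex.chat.example.net' does not qualify.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    if skeleton(BRAND) in skeleton(host):
        return "lookalike"
    return "unknown"


def scan_post(text: str) -> dict:
    """Classify every http(s) link found in a post or direct message."""
    return {url: classify_link(url) for url in URL_RE.findall(text)}


# Constructed sample post; only simplexspot.com comes from the article.
SAMPLE_POST = (
    "Perpetuals Early Access: https://simplexspot.com/ "
    "mirror https://simplex.chat@s1mplex-chat.example/claim "
    "home https://simplex.chat/ other https://example.org/news"
)

if __name__ == "__main__":
    for url, verdict in scan_post(SAMPLE_POST).items():
        print(f"{verdict:10} {url}")
```

A "lookalike" verdict means the link should be treated as unverified, and an "unknown" verdict is not a clearance: it only means the host does not reuse the brand name.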

