In yet another example of why you should be careful about believing anything you see on social media – even if it comes from an account with a blue checkmark – the University of the Philippines’ (UP) main Twitter account, @upsystem. was hacked yesterday as part of an apparent NFT scam that sought to exploit the university’s verified account.
The account, which has over 200,000 followers, had its name changed to “takashi murakami” — apparently in an attempt to make people think it was the official account of the contemporary Japanese artist, best known for his pop-art sensibilities and signature “Superflat” aesthetic. The account’s profile description was erased and its location was changed to Tokyo.
Initially, the account posted a number of bizarre tweets that read, “To celebrate the launch, we’re going to airdrop Murakami Flower Seeds!” This was followed by a link, which likely led to a phishing website.
NFT phishing scammers are known to target verified accounts to lend credibility to their illicit links.
“Airdrop” in crypto lingo refers to the release of new NFTs and Murakami Flower Seeds are indeed a legitimate series of NFTs created by the actual Murakami. The phishing tweets said that the NFTs were free to claim but required people to pay “gas” fees, which is the price required to complete crypto transactions on the blockchain.
The tweets have since been taken down by Twitter but the changes to the profile still remain as of the time of writing. Previous tweets from the actual university still remain up as well.
UP acknowledged the hack in a Facebook post and said that they were working on retrieving the account as soon as possible.
“Unknown users took over @upsystem on Twitter at 7:20 PM on 25 April, Monday. Since then, the account has been renamed and has posted content not affiliated with the University,” it wrote.
UP called on its followers to keep themselves updated through the university’s other official social media accounts.
“The UP MPRO assures the public that @upsystem will be recovered and again used in the service of the University community and the Filipino people.”
Earlier this month, Murakami tweeted a warning to his followers about potential phishing scams posing as legit Murakami NFTs, advising them to only trust his official website.
Please beware: The only official site for M.F project is https://t.co/5qBkC2R6SI and all others are fake.
— takashi murakami (@takashipom) April 15, 2022
This is far from the first NFT phishing scam that has attempted to trick crypto enthusiasts. Just yesterday, a crypto thief managed to steal US$1 million worth of Bored Ape Yacht Club NFTs by hacking BAYC’s official Instagram account.