Mandiant's brute-forced X account exposes perils of skimping on 2FA

Mandiant's X (Twitter) account was hijacked—likely via a successful brute-force password attack enabled by gaps in 2FA—then used to promote CLICKSINK drainer-as-a-service campaigns that phish crypto users and drain web3 wallets; Mandiant found no evidence its internal systems were breached. The report highlights the rising prevalence and profitability of DaaS drainers (Mandiant estimates ~$900M attributed to CLICKSINK since Dec 2023), common techniques such as phishing, SIM swapping and weak MFA adoption, and warns that these financially motivated campaigns will likely continue.