Hey!
The @OnyxProtocol Twitter/X account was compromised on July 1st. It was recovered on July 9th. For transparency, the details of the incident are set out below:
Summary: The @OnyxProtocol account was secured with a 10+ character password combining alphanumeric characters, case variance, and symbols. The account was also secured with Google Authenticator 2FA (not SMS). The malicious actor used a zero-day method to get access to the account and bypassed both the account password and 2FA.
After X/Twitter staff finally responded to the situation, it was explained that an internal method was used to access the account and that, based on the information collected, it was a zero-day compromise.
Timeline of events:
• On July 1, at 12:58pm PST, there was a password reset request to the ••••••••@••••.••• email account.
• On July 1, at 1:29pm PST, an unauthorized login occurred from Japan on an Android device.
• Then at 1:57pm PST, the password was reset and 2FA was reset to a new 2FA.
• At 2:00pm PST and thereafter, the DAO was unable to access the account.
• On July 1 and for multiple days after, the community opened several tickets, none of which were answered properly.
• Finally, on July 9, the DAO regained access to the account.
For those affected
Email info@onyx.org with details about your interactions with the malicious links, and the DAO will work with the individuals to recover funds.