The X (formerly Twitter) account for decentralized finance (DeFi) protocol Compound Finance has been hacked and is now promoting a fake phishing site, according to security-related X accounts Scam Sniffer and Officer's Notes.

At 4:57 p.m. UTC, the account posted an advertisement for "free $COMP tokens," urging readers to click a link provided. The link leads to compound-labs.xyz, a website that looks identical to the protocol's official website at compound.finance, but has been identified as a scam site.

Cybersecurity blogger Officer's Notes posted an alert from their account at 5:14 UTC, urging readers to not click on any links in the post.

Blockchain security platform Scam Sniffer also altered users, stating that "A phishing link (compound-labs[.]xyz) was spotted 16 hours ago" coming from the official X account.

Alert: @compoundfinance's Twitter account has been compromised. Do not click on any links posted from their account.

A phishing link (compound-labs[.]xyz) was spotted 16 hours ago.

Stay vigilant and ensure the safety of your assets by avoiding suspicious links. pic.twitter.com/yoa1RM4P4E — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 29, 2023

According to Scam Sniffer's post, the fake phishing site being advertised is a "Pink Drainer scam website," implying that it is a phishing site that uses the Pink Drainer software to steal users' crypto. The post also states that blockchain investigator ZachXBT has traced funds that have been stolen by the site. The stolen funds have been laundered through the eXch exchange.

On Telegram, ZachXBT reported: "Looks like someone got phished for ~275,700 LINK ($4.4M) 2.5 hrs ago" and claimed that these funds were laundered through eXch. If this attack is related to the Compound X hack, it implies that at least $4.4 million has been lost already. However, ZachXBT did not explicitly state that this attack was related to the Compound hack.

ZachXBT's Telegram post about a Dec. 29 phishing attack. Source: ZachXBT Investigations, Telegram

The post links to two Ethereum transactions. The first shows a transfer of over 206,000 Chainlink (LINK) tokens ($3.2 million at the current price) from a Pink Drainer wallet to a known phishing scammer address. The second shows a transfer of approximately 69,000 LINK ($1 million) from an account ending in 8dd4cf to a Pink Drainer wallet address.

The post also linked to a Scam Sniffer alert related to the incident. According to the alert, the account ending in 8dd4cf is the victim of the attack. Blockchain data shows that the victim signed an approval transaction allowing the attacker to spend a very large amount of LINK.

Account authorizing PinkDrainer wallet to spend LINK. Source: Etherscan

This is a developing story, and further information will be added as it becomes available.