According to a report from PeckShield, on October 5, the X (formerly Twitter) account of the Symbiotic staking protocol was hacked. As of October 7, the official website of the team reports that the account is still under the control of the attackers.
The hacked account is promoting a "points checklist," offering users to click on a link to check their accumulated points. However, the link leads to a fake website — network-symbiotic[.]fi instead of the correct symbiotic.fi.
After connecting to the fake site with a wallet, users see a message that they have earned thousands of points, even if they never interacted with Symbiotic. The site urges immediate redemption of points, threatening their loss if this is not done. The "Redeem Points" button leads to a request to sign a message, which allows the attackers to drain the user's wallet.
Symbiotic warns on its official website that their X account has been compromised and urges not to interact with any links from this account.