Calendly has recently attracted many scammers targeting cryptocurrency users and employees of Web3-related projects. The popularity of this event-scheduling application provides criminals with numerous opportunities to integrate it into their scams.
CoinGecko, a leading cryptocurrency aggregator, recently fell victim to a malicious actor who lured one of the platform’s employees into clicking on a fraudulent Calendly link. This action granted "unauthorized app access to a hacker who then posted on our behalf," as revealed by the CoinGecko team today on the X platform. Although CoinGecko said it had two-factor authentication and robust security measures in place, these precautions were not sufficient to protect employees from such a phishing attack.
The Calendly scam deployed by CoinGecko’s attacker likely aimed to gain access to the aggregator’s X accounts, including CoinGecko and GeckoTerminal, to distribute phishing links and exploit the platform’s followers. According to the aggregator’s team, both CoinGecko and GeckoTerminal "have been successfully secured." CoinGecko apologized for the incident and pledged to "uphold security and improve internal controls."
In November, the blockchain security company SlowMist explained one of the mechanisms behind Calendly scams.
According to SlowMist, many hackers exploit the "Add Custom Link" feature provided by Calendly, which allows them to insert malicious links directly. These links trigger phishing attacks under the guise of redirecting users to legitimate pages containing convincing details.
"Malicious links sent by hacker organizations through Calendly are well-integrated with the daily work backgrounds of most users, making these links difficult to arouse suspicion," SlowMist stressed earlier. The blockchain security experts added that downloading and executing the code distributed through such links can lead to financial losses.
Moreover, the Calendly scam has continued to evolve since last year, and one of the most recent warnings from SlowMist mentions an alternative type of attack.
In this case, criminals lure their potential victims into interacting with malicious links disguised as legitimate Calendly links. "Upon clicking, the link’s name changes to 'Calendly.,' with an additional dot, tricking you into authorizing control of your X account. This enables the scammers to post phishing links through your posts," SlowMist explains.
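The "Calendly." name with an extra dot can be caught when reviewing the apps authorized on an account. The following is an added example, not code from SlowMist or CoinGecko: it flags app names that read like an approved app but are not the approved registration. The record fields (`name`, `app_id`), the allowlist and all identifiers are constructed placeholders, and the check also covers near-misspellings and invisible characters, which goes beyond the single case described above.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed allowlist: display name -> app identifier the organisation
# actually approved. The identifiers are placeholders, not real values.
TRUSTED_APPS = {"Calendly": "app-id-placeholder-001"}


def skeleton(name: str) -> str:
    """Reduce a display name to the letters and digits a reader perceives."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    # Drops punctuation, spaces and zero-width characters (e.g. a trailing dot).
    return "".join(ch for ch in folded if unicodedata.category(ch)[0] in "LN")


def classify(app: dict, threshold: float = 0.85) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for one connected-app record."""
    name, app_id = app["name"], app["app_id"]
    if TRUSTED_APPS.get(name) == app_id:
        return "trusted"
    for trusted_name in TRUSTED_APPS:
        ratio = SequenceMatcher(None, skeleton(name), skeleton(trusted_name)).ratio()
        if ratio >= threshold:
            # Reads like an approved app but is not the approved registration.
            return "lookalike"
    return "unknown"


def audit(apps: list) -> list:
    """Return the records that imitate a trusted app and should be reviewed."""
    return [app for app in apps if classify(app) == "lookalike"]


# Constructed sample of apps authorised on an account.
SAMPLE_APPS = [
    {"name": "Calendly", "app_id": "app-id-placeholder-001"},
    {"name": "Calendly.", "app_id": "app-id-placeholder-777"},
    {"name": "Calendly\u200b", "app_id": "app-id-placeholder-778"},
    {"name": "Calendly", "app_id": "app-id-placeholder-779"},
    {"name": "Notes Sync", "app_id": "app-id-placeholder-002"},
]

if __name__ == "__main__":
    for app in audit(SAMPLE_APPS):
        print(f"revoke and investigate: {app['name']!r} ({app['app_id']})")
```

Apps classified as `unknown` are not cleared by this check; they only fail to resemble an allowlisted name and still need their own review.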