Twitter (NYSE:TWTR) stated that the large-scale hack which took place two weeks ago on its platform, was perpetrated by fraudsters looking to peddle a cryptocurrency scam from the accounts of genuine politicians and celebrities.
The hack was carried out via ‘spear-phishing’, whereby Twitter staff open bogus emails which snatch their personal credentials, and allow criminals to use staff support tools to hijack the accounts of dozens of genuine high profile personalities.
In a statement, Twitter said:
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes,”
It added that, “This knowledge then enabled them to target additional employees who did have access to our account support tools.”
The company said some 130 accounts were targeted in the hack, with the fraudsters managing to Tweet from 45 of those targeted, while accessing the direct message inboxes of 36 and downloading data from seven.
The accounts of politicians, entertainers, businesses and executives were among those targeted, including Elon Musk, Kanye West, Bill Gates, Barack Obama, Uber and Apple. From the attacks, it is expected that fraudsters made away with some $113,500 in scammed proceeds.
What to look out for with crypto-fraud and API scams
In this recent scam, criminals posted Tweets from hacked accounts, offering to double the account of Bitcoin that victims sent to their enclosed address.
Offering their insights on the attack, cryptocurrency exchange company Bitfinex stated that the incident, “throws a spotlight onto emerging online security threats and the importance of robust cyber security.”
It continued, saying that the key threat to look out for as online consumers is API extraction attacks. The company said that, “These attacks start with supposed ‘trading consultants’ – who are really criminals – reaching out to traders by means of social media. These attackers convince unsuspecting victims to hand over their trading account’s API credentials under the pretext of helping them make better trades and earn higher trading revenues.”
Bitfinex stated that what actually happens is that attackers use their own accounts on the same trading platform to trade against their victims’ accounts. Fraudsters force a sale position n their victim’s account while at the same time placing a buy order of an equivalent amount on the attacker account.
Then, in a subsequent trade, the fraudsters will forcibly sell their newly acquired cryptocurrency back to the victim’s account at a higher price, a process which essentially hands money from a legitimate trader’s account, into the hands of a trickster.
Speaking on the recent attack, Bitfinex CTO, Paolo Adoino stated:
“The recent hacking incident on Twitter saw fraudsters prey on the naivety of their victims who unwittingly parted with their Bitcoin,”
“It was not an attack that showed any vulnerability in Bitcoin whatsoever, or the wider digital asset space. In fact, Bitcoin’s success has been built on an inherent anti-fragility that is resistant to hackers and fraud”, he added.
A victim of an API extraction attack also spoke out about their experience: “My advice is simple. Do not believe in miracles and do not give an API key to outsiders.”
Since the attack, Twitter appears to have since disabled the ability to share cryptocurrency trading addresses on its platform.
