Twitter Hack Targets High-Profile Accounts

Joe Biden, Elon Musk, Jeff Bezos and other high-profile Twitter account holders were the targets of a widespread hack to offer fake bitcoin deals on Wednesday in one of the most pronounced security breaches on a social media site. Accounts for former US president Barack Obama, Microsoft co-founder Bill Gates, musician Kanye West and both Uber and Apple also posted similar tweets, all instructing people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly after being posted.

“The hackers ask users to send anywhere between 0.1 BTC to 20 BTC to a designated Bitcoin address and that they’ll double victims’ money,” explained Satnam Narang, Staff Research Engineer, Tenable. “This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater.”

Narang further added that this is a fast-moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets. “We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam,” Narang said.

There have been hacks of high-profile individual accounts on Twitter before, including Twitter chief executive Jack Dorsey last year. But the widespread nature of this attack suggested an unusually broad access to internal controls. While it was unclear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts.

“While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin,” said Loïc Guézo, Senior Director of Cybersecurity Strategy, EMEA at Proofpoint. “People are still a main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money. To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response. Threat actors understand human nature and are unrelentingly focused on taking advantage of our society’s trust in digital channels.”

The attack also partially shut down the network. Twitter said in a tweet that some users weren’t able to tweet while it was addressing the incident. Users with the check mark indicating that their accounts were verified by Twitter reported that they weren’t able to tweet. Twitter started letting verified accounts tweet again yesterday night but warned the “functionality may come and go” as it worked on a fix to the breach. Later the same night, Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter.

“Until we know exactly how these scam tweets were sent, it’s difficult to suggest what actions you might take, particularly given that access to services such as password changes (and presumably also changing details such as two-factor authentication numbers) is being restricted,” explained Paul Ducklin, principal research scientist, Sophos. “However, these scammers will only succeed if people fall for their unlikely messages – which rely on people suspending their disbelief simply because the tweet comes from a celebrity or someone they are inclined to trust.”

Twitter said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.” The hackers used that access to take over the accounts. The breach will create major optics challenges for Twitter, and it will make it more challenging moving forward to verify the authenticity of messages on the service, cybersecurity experts warned. That could have wide-reaching implications for politicians, celebrities and brands that use Twitter as an essential channel for communication.

Some of the people who were hacked indicated that they had turned on two-factor authentication and were using strong passwords, which typically makes unauthorized account access much more difficult. Meanwhile, Uber’s corporate account posted a tweet that read, “Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled.”

Uber confirmed in a tweet that its account had been hacked. “Like many others, our @Uber account was hit by a scammer today. The tweet has been deleted and we’re working directly with @Twitter to figure out what happened,” the company’s communication team tweeted. Then came a tweet from Amazon CEO and Washington Post owner Bezos’s account. “I have decided to give back to my community.” The tweet said it would be limited to $50 million.

Twitter said in tweets Wednesday night that it had “locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.” Meanwhile, the company is internally limiting access to tools while it investigates what happened.

Donald Trump Launches $99 Digital Trading Card NFTs

Former US President Donald Trump announced on Thursday that he has released a collection of 45,000 non-fungible tokens (NFTs), called the Trump Digital Trading Cards, on Truth Social, the social media site he founded last year. The tokens, which are similar to collectible baseball cards and are minted on Polygon, cost $99 each and can be purchased with ether (ETH) or in fiat currency. At the end of the checkout process, customers are given the option to purchase multiple trading cards.

There is also a promotion offering a guaranteed ticket to a gala dinner with Trump for purchasing 45 NFTs at once, which would cost $4,455. Collectors who purchase a Trump Digital Trading Card will be entered into a “sweepstakes” to win experiences with the former president, including a Zoom call, a dinner in Miami, or a cocktail hour at Mar-a-Lago. The trading cards have rarity traits ranging from one-of-a-kind to a maximum of 20 copies, according to the collection’s website. Despite previously stating that he was “not a fan” of cryptocurrency in July 2019, Trump appears to be enthusiastic about promoting his new NFT collection.

“GET YOUR CARDS NOW! Only $99 each! Would make a great Christmas gift. Don’t Wait. They will be gone, I believe, very quickly!” he wrote in a post on his platform. The collection’s website also features a promotional video from Trump, in which he says, “Each card comes with an automatic chance to win amazing prizes like dinner with me. I don’t know if it’s an amazing prize but it’s what we have.”

The project initially received criticism on Twitter, with some labeling the collection a “scam.” Others noted previous reports of his questionable 2020 campaign fundraising efforts and allegations of murky spending. Shares of Digital World Acquisition Corp (DWAC), a special purpose acquisition company (SPAC) that entered into a proposed merger deal with Trump’s social media company, dropped by about 7% after the announcement of his NFT collection. This is President Trump’s first official NFT project, but his wife, Melania Trump, launched her own NFT collection called “Cobalt Blue Eyes” almost exactly a year ago.

Ledger Launches the Ledger Stax

Ledger has teamed up with Tony Fadell, builder of the iPod, to bring clarity and confidence to owning digital value. Ledger Stax™ is a usable way for you to take control of cryptocurrency and digital collectibles. It’s built on uncompromisingly secure architecture and introduces a unique form designed for unprecedented accessibility and interactivity.

Ledger Stax has a new E Ink display, which covers the front and curves around the spine—you can view complete transaction details at a glance. E Ink is always viewable: your favorite art appears on the Ledger Stax screen, even when it is off. It also provides unmatched energy efficiency, so the battery can last for weeks or even months on one battery charge.

“With the Ledger Nano™ series, we created the most successful digital asset security hardware of all time—with more than 5 million sold and none ever hacked,” says Pascal Gauthier, CEO, and Chairman of Ledger. “Digital assets are increasingly about identity and digital ownership, not just crypto like Bitcoin. The time is now for a device for more mainstream users. At the same time, we must not compromise on security. This is Ledger Stax—secure and accessible.”

Tony Fadell designed Ledger Stax, in collaboration with Layer, as a credit card-sized device with integrated magnets, making them easily stackable, particularly for those who own multiple devices. The curved E Ink spine shows what’s inside, like a book on a shelf. Ledger Stax uses secure USB-C to connect to the comprehensive Ledger Live app on your laptop, and Bluetooth to connect to the Ledger Live Mobile app on your smartphone. It will utilize Ledger Connect, our upcoming crypto wallet extension, to connect to Web3 apps from anywhere. Ledger Stax also supports wireless Qi charging.

“Digging into Ledger’s proven security technology and trying all the ‘best’ hardware wallets out there convinced me to build a next-gen device with Pascal, Ian, and the amazing Ledger team,” says Tony Fadell, designer of Ledger Stax and Principal at Build Collective. “We need a user-friendly…no! A ‘user-delightful’ tool, to bring digital asset security to the rest of us, not just the geeks.”

The new user interface enables clear, intuitive interaction. Out of the box, Ledger Stax lets you manage your NFT collection and over 500 coins and assets. The touch interface empowers Ledger’s exceptional developer community to build innovative Web3 applications that are more accessible, with uncompromising security. Ledger Stax will be available in Q1 2023. You can pre-order today on Ledger.com. In the future, it will also be available from select retailers such as BestBuy in the United States.

Every Ledger Stax includes an Infinity Pass, providing a free NFT and future benefits. Furthermore, a Ledger Stax NFT is available to mint on Ledger Market to unlock access to an exclusive piece of NFT artwork from Ledger’s network of hand-picked artists, and also redeem a Ledger Stax device. Ledger Market Genesis Pass holders have special mint priority for this mint.

“Tony Fadell has both the circuit board and the billboard in mind when he builds a product,” says Ian Rogers, Chief Experience Officer at Ledger. “With Ledger Stax, we have made a device that is cool, beautiful, and fun. Together we have fused the uncompromising security and self-custody culture of Ledger, with the equally uncompromising user-experience-focused culture of Tony and his team. The result is the first true secure consumer hardware device for the revolution of value brought by blockchain technology.”

SPECS:
Dimensions: 85mm × 54mm × 6mm (credit card length and width)
Security: Ledger EAL 5+ certified secure element
Screen type: E Ink (up to 16 grays), customizable always-on lock screen, capacitive touch
Screen resolution: 672 × 400 pixels
Weight: 45g
Connectivity: USB-C, Bluetooth 5.2
Unique magnet array for easy stacking
Qi wireless charging

Cryptoland Just Lost its $12 Million Bid to Buy Fiji Island for Resort

Widely mocked plans to establish a tropical haven for cryptocurrency enthusiasts have run into trouble after a contract to buy an island in Fiji for US$12m fell through.

A group of crypto-evangelists, led by Max Olivier and Helena Lopez, outlined plans for the island, Nananu-i-cake, in a lavishly animated YouTube video, featuring a wide-eyed crypto bro named Christopher landing by helicopter and being given a guided tour by a talking coin called Connie.

The full YouTube clip has been taken down, but cached copies show it touted the island as “an international hub for the community to come live, work and have fun and enjoy a first-class crypto lifestyle”, boasting “a complete ecosystem that represents the blooming crypto space” that was “a paradise made by crypto enthusiasts for crypto enthusiasts”.

Areas planned included Cryptoland Bay, Crypto Beach, House of Dao – a reference to decentralised autonomous organisations, a form of non-corporate structure promoted by crypto enthusiasts as an alternative to companies – and the members-only Vladimir Club, another crypto in-joke that refers to people who hold 0.01% of a given cryptocurrency.

Also on offer were 60 plots of land on what the video describes as “the Blockchain Hills” (Nananu-i-cake has only one hill). These were to be sold to “Cryptolander Kings” via non-fungible tokens – unique tokens that use the same blockchain technology underpinning cryptocurrencies like bitcoin.

The project has been compared to the collapsed Fyre festival and the video was greeted with scoffing on social media.
