CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Reports
Incident Analysis
Twitter Hacks on the Rise
6/29/2022
Twitter Hacks on the Rise

Telegram, Whatsapp, Instagram & Facebook are listed by The FTC as Social Media apps with high volumes of Crypto Theft.

However, Twitter has not been mentioned by the FTC in their report and the social media platform is riddled with scam accounts, bots, & hacks. Recently, Twitter has seen an increase in hacks through a “SIM Swapping” process. The FBI is warning users that threat actors are using Sim Swapping to rob people of millions of dollars by stealing money from fiat and virtual currency accounts. “SIM Swapping” is a malicious attack targeting your mobile carrier that allows the attacker to gain control of your phone number in order to intercept any 2-step authentication or verification codes that may be sent via SMS text. In 2020, researchers at Princeton University found that out of 50 attempts to do a fake sim swap, 39 of them were successful. That’s around an 80% success rate and therefore easily done, and hard to detect. Sim swapping hackers use different methods to target mobile carriers and gain access to sensitive information on your phone.

Social engineering is one of those methods used where a threat actor impersonates you...

Social engineering is one of those methods used where a threat actor impersonates you and fools your mobile carrier into switching your phone number to a SIM card owned by the criminal. A threat actor can also pay off someone working at a mobile provider to switch the phone number to the attacker’s SIM card (aka insider threat). Finally, phishing is one of the most popular techniques where criminals deceive mobile carrier employees into downloading malware that allows the thieves to hack mobile carrier systems and perform SIM swaps.

How Does This Happen:

An attacker will contact your mobile phone service provider and convince them to switch your phone number over to a sim card they control.

This can be accomplished with basic personal info about a target, or even with just the last 4 of your SSN in some cases.

Yes, you might have 2FA, or a security key on your account, but on most providers anyone logging in has the option of choosing ANY of the options you have enabled, including SMS.

hacker

Case Studies:

Recently, JRNYclub and NonsDAO were recent victims of Twitter hacks. JRNYclub’s Twitter account was compromised on June 28th, 2022 for ~$82k by an account detected as @PopbobXBT. Stolen NFTs from JRNY are being sent to 0x003099... Although their Twitter account was hacked, this was not identified as a “SIM swapping” attack but more of a targeted social engineering hack. From what officials of the token are saying, a Twitter employee was social engineered into changing JRNYclub’s password. This announcement has led to some users claiming that these hacks are the results of an inside job or malicious Twitter employee. JRNYclub has contacted their legal team to further investigate this hack.

On June 27th, 2022 Nouns DAO’s Twitter account was attacked and taken over by hackers. Normally these phishing mint attacks where the hacker gains privileged access and posts a phishing link commonly happen on NFT Discord servers but in this case it was executed on Twitter. The attacker posted fake phishing links to a fake raffle to win Noun’s 355 and 356. This was then followed up by the attacker starting a Twitter space and announcing to listeners to participate in this phishing raffle. Shortly right after Nouns DAO’s developer by the name @punk4156 announced that Nouns DAO's Twitter account was compromised and warned users not to click any links. Nouns DAO was able to gain control again but 20 individuals were affected by this attack with a total loss of 25ETH ($27,843.31USD) but no Nouns were compromised even when the attack said that there must be Nouns in their wallet in order to win the raffle.

@PopbobXBT Discord ID was detected as:

Popbob#0002 Popbob#0001 785256856607785001

This user was also allegedly involved with Discord compromises of @MaskByteNFT @divineanarchy @imxbears @nbatopshot @RogueSharks @JungleFreaksNFT @ethertroopers and Discord channels including @ParallelNFT @nansen_ai @AnataNFT.

Popbob, ixsmith and dave/alfred have been identified as the main Twitter hackers with user ID's:

785256856607785001 538779106792439828 388982968129159168

Recommendations:

On your Twitter Account's settings, navigate to: Your Account>Account Information>Phone and just delete it if you're concerned.

9

You can also reach out to your service provider and request a pin be added to your mobile account.

Any form of 2FA protection is better than nothing, however. For the best security, a software token-based method, such as Google Authenticator, which generates a time-based, 1-time passcode is highly recommended. Do your best to avoid SMS text-message or voice-based 2FA, as these methods are less secure and can be easily tricked by hackers.

If you think your wireless account has been compromised, call your wireless provider immediately.

Another method is to use a password manager. Entrust your passwords to a secure password manager, such as True Key. A secure password manager makes it so you only have to remember one password. The rest of them are encrypted and protected by two-factor authentication.

If you think your wireless account has been compromised, call your wireless provider immediately. We also recommend that you vigilantly check your accounts, including your financial information, for signs of fraud.

For maximum protection, VPN’s are strongly recommended and depending on your platform, ensure your antivirus apps and other protection methods are current and from legitimate app stores.

Conclusion:

Twitter hacks are on the rise due to the fact that they can be done remotely through various methods, they are not easily detectable, and they are surprisingly easy to do. The two most recent hacks with JRNYclub and Nouns DAO have raised a serious issue where users are claiming that a Twitter insider source has bypassed security leading to hundreds of thousands of dollars lost over the past week. Regardless, these types of hacks are increasingly popular and are a threat to the Web3 world, where social media platforms are used to communicate about and discuss financial matters on a daily basis.

Related Stories
The Rise of Stablecoins in Unstable Times
Blogs
Case Study
In addition to mitigating the price volatility inherent in the cryptocurrency market, stablecoins serve what is to millions of people an even more important purpose: acting as a financial refuge during periods of economic and political instability.
12/4/2023
The Proliferation of Honeypot Contracts in Web3
Blogs
Educational
The rise of Web3 has ushered in a wave of innovation, not all of which is benevolent. A notable manifestation of malicious activity within this space is the emergence of "honeypot contracts." These contracts issue tokens that can be bought but not sold, thereby trapping investors.
10/3/2023
Web3 Mobile Wallet Apps: A Secret Key Protection Perspective
Blogs
Educational
The security of private keys and mnemonic phrases is of paramount importance in the world of cryptocurrency, as they grant access to one's digital assets and their loss or theft can lead to financial ruin. With the rise of mobile wallet apps in the Web3 space, it's crucial to understand the various security mechanisms that are in place to protect these keys.
1/19/2023
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;