Scam Alert: Your Favorite Twitter Accounts Under Attack
The surge in cryptocurrency’s popularity has brought about unprecedented opportunities for growth, but it has also opened doors for scammers. Over the past few weeks, a worrying trend has emerged, with a group of scammers overtaking at least eight Twitter accounts linked to the crypto community.
This group has managed to steal almost seven figures by using stolen accounts to carry out sophisticated phishing scams. Once they gain control of a Twitter account, they rapidly tweet out phishing scams to their unsuspecting followers. What makes this situation even more alarming is the delayed response from Twitter Support, leaving these fraudulent posts up for hours and even days in some cases, thus amplifying the potential damage.
Over the past few weeks we have seen 8+ account takeovers connected to the same group of scammers as evident by how their addresses are linked on-chain.
I hope @TwitterSafety investigates each attack closely as they have resulted in almost seven figures stolen. @miramurati… pic.twitter.com/ypnqyb5oNy
— ZachXBT (@zachxbt) June 8, 2023
The scammers’ method of choice appears to be SIM swapping, a tactic where the scammer convinces a phone carrier to switch the victim’s phone number over to a SIM card they control. This allows them to bypass two-factor authentication (2FA) protections. However, it seems that not all accounts were compromised using this method. It is suspected that other accounts were potentially stolen using a panel, a tool often used by hackers to breach security.
The consistent link between the on-chain addresses of the stolen assets suggests that these account takeovers are not isolated incidents but connected to the same group. As such, the crypto community and Twitter users at large are urged to be vigilant and take steps to protect their accounts.
So, how can you safeguard your Twitter account? First, never enable SMS 2FA on your accounts. While it provides an extra layer of protection, it is susceptible to SIM swapping. Instead, use a physical security key for 2FA, which is much more difficult for hackers to get their hands on.