Crypto Twitter hacks are frequent, reviewing hackers new attacks and profit-making methods

Bitget研究院
13 hours ago
This article is approximately 1321 words, and reading the entire article takes about 2 minutes.
Improve the ability to identify fraud and maintain security boundaries.


In recent months, more and more social media accounts belonging to crypto projects, practitioners, politicians, and celebrities have been stolen and then used to post fraudulent content. Recently, some Bitget employees experienced similar phishing attacks. After recovering their accounts, we gradually pieced the incident together and found that hackers' attack methods keep evolving and have become highly deceptive and hard to detect. We therefore prepared this article in the hope of helping the whole industry with its security protection.

Bitget employees suffered phishing attacks

In mid-May, a Bitget employee in charge of business development received a Twitter private message from a partner inviting him to discuss a potential collaboration. The two parties quickly agreed on a meeting time and held the meeting. During the meeting, the other party sent some installation files and, under the guise of functional testing, invited the employee to try them out.

In the following days, the employee received inquiries from friends and industry partners: "Did you send me a strange Twitter private message?" After realizing something was wrong, he and the Bitget security team acted quickly and recovered the account through the bound email address and other account information.

How hackers targeted crypto Twitter accounts and profited

In the subsequent security investigation, we gradually reviewed the detailed hacker attack methods and how they profited from them:

Step 1: The hacker sends a private message to the victim from a social media account they already control, directing the victim to contact a Telegram account to discuss the cooperation further.

Safety reminder:

  1. These private messages do not necessarily come from suspicious low-follower accounts; they may even come from verified official accounts, but the fraudulent messages are not sent by the official team.

  2. At this point, the hacker has quietly gained control of these official accounts and directed the victims to Telegram for the next scam.

  3. Hackers usually delete a private message immediately after sending it, so even though they may have sent hundreds of messages, the account owner may be completely unaware.

Step 2: After the victim contacts the hacker on Telegram, the other party proposes an online meeting and, during the meeting, invites the victim to download and install specific files.

Safety reminder:

  1. The hacker's Telegram account usually impersonates a real employee, with details taken from platforms such as LinkedIn. The account ID may be nearly identical to the real employee's, for example by swapping I (uppercase i) for l (lowercase L).

  2. Hackers embed malicious code in the installation file and trick the victim into installing it, thereby gaining access to the victim's computer and going on to steal social media accounts and even cryptocurrency or fiat assets.
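The lookalike-ID trick described above (I vs. l, digits for letters, and the same idea extended to Cyrillic homoglyphs and fullwidth characters) can be caught mechanically before anyone joins a meeting. This Python check is an added example, not code from Bitget's article: it folds a handle received in chat to a "skeleton" and compares it against a team-maintained directory of known-good handles (the `DIRECTORY` entries and names below are hypothetical).

```python
import unicodedata
from typing import Dict, Optional, Tuple

# Characters that render almost identically in common UI fonts, each folded to
# one representative so visually identical handles produce the same skeleton.
# Constructed for this example; extend it with the confusables you observe.
CONFUSABLES = {
    "I": "l", "1": "l", "|": "l",                  # uppercase i / one / pipe vs lowercase L
    "0": "o",                                       # digit zero vs letter o
    "5": "s", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",    # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0443": "y",    # Cyrillic er, es, u
    "\u0456": "i", "\u0445": "x",                   # Cyrillic i, ha
}

# Hypothetical directory of known-good handles, as a team would maintain it.
DIRECTORY: Dict[str, str] = {
    "Lisa (BD, hypothetical)": "@Bitget_Lisa",
    "Tom (Listing, hypothetical)": "@bitget_tom",
}


def normalize_handle(handle: str) -> str:
    """Fold a Twitter/Telegram handle to a skeleton for lookalike comparison."""
    # NFKC first so fullwidth or compatibility forms collapse to plain letters.
    h = unicodedata.normalize("NFKC", handle.strip().lstrip("@"))
    return "".join(CONFUSABLES.get(ch, ch).lower() for ch in h)


def classify_handle(claimed: str, directory: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Return ("exact", name), ("lookalike", name) or ("unknown", None).

    Usernames on both platforms are case-insensitive, so an exact match is
    compared case-folded; a skeleton match that is not exact is a lookalike.
    """
    claimed_raw = claimed.strip().lstrip("@").lower()
    for name, legit in directory.items():
        if legit.strip().lstrip("@").lower() == claimed_raw:
            return "exact", name
    claimed_skel = normalize_handle(claimed)
    for name, legit in directory.items():
        if normalize_handle(legit) == claimed_skel:
            return "lookalike", name
    return "unknown", None


if __name__ == "__main__":
    for h in ["@Bitget_Lisa", "@Bitget_Iisa", "@bitget_t0m", "@bitget_lis\u0430", "@random_vc"]:
        print(h, "->", classify_handle(h, DIRECTORY))
```

A "lookalike" result is the signal to stop and verify the contact through a second channel, exactly the step the prevention section below recommends; "unknown" still warrants verification, since the directory only covers handles you have catalogued.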

Step 3: After gaining access to the victim's device, the hacker first tries to steal assets directly. Then they use the victim's Twitter and Telegram accounts to find new victims, sending Twitter private messages from those accounts that direct recipients to hacker-controlled Telegram accounts for the next round of fraud.

Safety reminder:

  1. As mentioned before, hackers delete each private message immediately after sending it, making it difficult for the account owner to realize that the account has been compromised.

  2. This also explains why scam messages may come from verified official accounts while those accounts take no action: their owners are still in the dark.

Step 4: When the next victim makes contact on Telegram, the hacker chooses a fraud method that fits the identity they are impersonating.

Safety reminder:

  1. If hackers pretend to be staff of an exchange, they usually trick victims into transferring money in the name of listing cooperation.

  2. If hackers pretend to be project staff, they usually trick victims into transferring money in the name of early investment.

  3. If hackers pretend to be staff of investment institutions, they usually trick victims into transferring money in the name of investment cooperation.

  4. If the impersonated identity is not enough to extract money directly, it is used as a stepping stone: other people in the victim's network are tricked into installing Trojans, their accounts are taken over in turn, and they become the hacker's next fraud tool.

Summary

The attack and profit-making methods described in this article resemble past cases in one respect: hackers still need to implant a Trojan (by having the victim install specific files) to control the victim's device. The difference is that hackers have refined their methods in several ways:

  1. By sending private messages to victims through verified Twitter accounts, credibility can be greatly increased, thus increasing the success rate of fraud.

  2. Private messages are deleted immediately so the account owner notices nothing, allowing the hacker to lurk in the account for a long time. In past cases, hackers would post fraudulent tweets right after taking over an account, using fake giveaways, scam tokens, and the like to cash out quickly, but that approach also alerts the owner and the public immediately and puts them on guard.

  3. The Telegram accounts hackers use to continue the conversation are also carefully disguised, usually with IDs nearly identical to those of official personnel.

How to identify and prevent similar phishing attacks

  1. Be wary of invitations, even if they come from an official account. When you receive one, confirm the inviter's identity through another channel. If it is an acquaintance, check whether your previous chat history with them still exists before continuing the conversation.

  2. Do not casually download or open files the other party sends you during the meeting. If you need to install a meeting client such as Teams or Zoom, download it only from the official Teams or Zoom website. This is very important.

  3. During the call, grant only video and voice permissions. Do not give Zoom or Teams any other permissions (such as remote control), so that the other party cannot take over your computer.

  4. Don't leave your computer unattended for any reason during the call. If you must step away, have another person watch the screen. Be aware that an attacker can operate your computer while you are away.

  5. Do not back up your mnemonic (seed phrase) on your computer or phone, and enable MFA (multi-factor authentication) wherever possible.

  6. The phone used for financial matters should be an iPhone running the latest version, with Lockdown Mode turned on. Use it for external communication as little as possible and keep it separate from the computer or phone used for work and social activities.

Your account was stolen? How to respond quickly and limit losses

Even with the strictest protection, you can still be hacked. Once you discover that your account has been stolen, the speed of your response determines the extent of the loss.

  1. Turn off the computer and disconnect it from the Internet to cut off the attacker's remote access immediately.

  2. Check fund security (if wallet access is involved). The attacker may have access to your local wallets (browser extensions, private key storage). Transfer your assets to a new wallet immediately; generate a new private key rather than reusing the same mnemonic.

  3. Recover your account from another device or email immediately. Log in with the bound email address or phone number, reset your password while your session is still active, and log out all other device sessions at once. Once the account is recovered, revoke all third-party login authorizations so the hacker cannot continue to operate your account.

  4. Inform and warn the people around you. Remind them not to trust recent private messages, and report the abnormal accounts so that more people are aware and chain reactions are avoided.

The above cases are not isolated; they are challenges every user in the crypto industry may face. At Bitget, we not only build protection mechanisms but also hope to work with you to turn security awareness into real capability.

Original article, author: Bitget研究院. For reprint, content collaboration, or reporting, please contact report@odaily.email; unauthorized reprinting will be pursued under the law.