Skip to main content

Blue Check Twitter + Bitcoin

As we know, 2020 has been the year of endless headlines. Every week, there are multiple wild stories that are leading the headlines that no one could have ever imagined. The tweets likening 2020 to a game of Jumanji feel spot-on. One of this week's Jumanji headlines involves my favorite social media platform (Twitter), my favorite topic (fraud/social engineering), and my favorite digital asset (bitcoin). If you haven't heard about this story yet, you're welcome!

I'd like to preface this by saying that a few of our political, technological, financial and entertainment faves (including some who were targeted in this hack) have denounced bitcoin and other cryptocurrencies as fraudulent. For some reason, that adds to my amusement surrounding this story.

It all started on July 15. A number of accounts owned by very public supporters of bitcoin tweeted variations of the same message that essentially instructed followers to 1) visit a particular website, 2) send a certain amount of bitcoin to a particular address, and 3) wait to receive a certain amount of bitcoin (at least double what was sent) at the address from which they sent the initial bitcoin.

After some success, the hackers then moved on to verified (blue check) Twitter accounts owned by those political, technological, financial and entertainment faves. President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, Kanye West, Apple, Uber. The list goes on but you get the point--famous people/entities with large Twitter followings. These accounts, affectionately referred to as "Blue Check Twitter," began to tweet out similar messages--send bitcoin to a particular address and get more bitcoin in return. At some point, Twitter caught on to this widespread hacking and they disabled Blue Check Twitter's ability to tweet while they got a handle on the situation. And this freeze wasn't just placed on affected accounts--this was all verified accounts. Eventually, Twitter figured out what happened and restored Blue Check Twitter's abilities to tweet later that evening. But the damage had already been done.

Obviously, none of the people that sent bitcoin to this benevolent-turned-malevolent account received a satoshi of bitcoin back. But more than people losing bitcoin, I think a lot of people have lost some trust in the security of Twitter's platform. But that's not where the story ends. And, actually, this is not where the story begins either.

The story begins with how the hacking occurred. And it appears that the hacking occurred through the use of social engineering. If you are not familiar with social engineering, it is essentially a tactic whereby one manipulates individuals into disclosing confidential or sensitive information. Every time I see one of those prompts on social media about your "stripper name" (the ones that ask for the name of your first pet and your favorite food), I instantly think of social engineering. The answers to these questions are oftentimes the answers to security questions that are needed to access accounts when a password is lost or forgotten. The AARP has a great podcast series on scams that is cohosted by Frank Abagnale (from Catch Me If You Can) and talks about social engineering a lot. I highly recommend it.

Anyhow, Twitter has said that some of its employees with access to "internal systems and controls" were the victims of social engineering, and that's how the hackers gained access to all these accounts. But there are also reports that some of its employees were bribed (awkward). Only time will reveal what actually happened but the whole thing is both fascinating and terrifying. And lawmakers on both the legislative and regulatory sides are already calling for investigations. The FBI's San Francisco Division has already opened an investigation and the New York Department of Financial Services is likely moving in that direction, too. A security breach like this is a HUGE deal and lawmakers will want answers for how this happened and what will be done to keep something like this from happening again (election year, anyone?). Other large social media platforms will likely also feel some of the fallout from this incident.

In case you're wondering, the hackers made off with approximately $100,000 in bitcoin. That's not a lot of bitcoin when you think about the effort that went into this hack. This makes me believe that maybe the point wasn't to make money but to make a point (*shivers*). What do you think? Let me know at or on Twitter (lol) at @blockchainblawg.


Popular posts from this blog

The Rundown on CBDCs

Everyday there is a news report about a country that is "exploring" or "studying" the possibility of developing a central bank digital currency (CBDC). In the past few days, I've read articles about Rwanda, Israel and France looking to pilot programs with CBDCs. And yesterday, the Bank of International Settlements announced its backing of the development of CBDCs. With approximately 80% of central banks around the world taking a closer look at CBDCs, now is as good a time as any to learn more about them. What Are They? A central bank digital currency is exactly what it sounds like--a digital currency issued by a central bank. In the same way our central bank, the Federal Reserve, issues the U.S. dollar, it would similarly issue some official U.S. digital currency ('digital dollar'). This is pretty much where the simplicity of it all ends. Things get really hairy (really fast) when central banks have to figure out how CBDCs fit into a traditional financ

A Curious Crypto Caper Chronicle

The Hack Earlier this month, a hacker executed a massive crypto heist on PolyNetwork--a decentralized finance (DeFi) platform. The hacker was able to steal more than $600 million in crypto from thousands of users on three separate PolyNetwork blockchains (Binance Smart Chain, Ethereum & Polygon) and involving more than a dozen cyptocurrencies. In other words, this hack was * major *. The PolyNetwork protocol operates on multiple blockchains and allows users to send/receive tokens across these different blockchains using various smart contracts (also known as "bridges"). The hacker exploited a vulnerability in one of these smart contracts which maintains significant amounts of crypto to maintain liquidity and this allowed him to overwrite instructions and redirect all crypto funds to himself. From there, the hacker attempted to move the stolen crypto into various liquidity pools.   The Blacklist The hacker was successful in moving some of the crypto. But shortly after the

Finding Nemo: A Journey on the Blockchain

Imagine if Nemo was a salmon born and raised in a fish farm in Norway. And imagine if his life, including how many roommates he had, his environment and every meal he ate, was recorded. His death (mainly manner and date) were also recorded. His post-mortem journey to the U.S. was recorded, including where he may have stopped along the way, before making his way to the seafood section of your local grocery store. Now imagine if you could scan a QR code to get a snapshot of Nemo's life, death and journey to the U.S. before deciding to purchase him and do so knowing that his provenance is accurate and reliable. If you're lucky enough to patronize certain Whole Foods, you may be able to do this soon. A major producer of salmon in Norway is working to bring more transparency to its practices using blockchain as the infrastructure. As increasing numbers of consumers become mindful of environmental sustainability and ethical eating, these types of supply chain efforts will become mo