Blue Check Twitter + Bitcoin

As we know, 2020 has been the year of endless headlines. Every week, multiple wild stories that no one could have ever imagined lead the headlines. The tweets likening 2020 to a game of Jumanji feel spot-on. One of this week's Jumanji headlines involves my favorite social media platform (Twitter), my favorite topic (fraud/social engineering), and my favorite digital asset (bitcoin). If you haven't heard about this story yet, you're welcome!

I'd like to preface this by saying that a few of our political, technological, financial and entertainment faves (including some who were targeted in this hack) have denounced bitcoin and other cryptocurrencies as fraudulent. For some reason, that adds to my amusement surrounding this story.

It all started on July 15. A number of accounts owned by very public supporters of bitcoin tweeted variations of the same message that essentially instructed followers to 1) visit a particular website, 2) send a certain amount of bitcoin to a particular address, and 3) wait to receive a certain amount of bitcoin (at least double what was sent) at the address from which they sent the initial bitcoin.

After some success, the hackers then moved on to verified (blue check) Twitter accounts owned by those political, technological, financial and entertainment faves. President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, Kanye West, Apple, Uber. The list goes on but you get the point--famous people/entities with large Twitter followings. These accounts, affectionately referred to as "Blue Check Twitter," began to tweet out similar messages--send bitcoin to a particular address and get more bitcoin in return. At some point, Twitter caught on to this widespread hacking and they disabled Blue Check Twitter's ability to tweet while they got a handle on the situation. And this freeze wasn't just placed on affected accounts--this was all verified accounts. Eventually, Twitter figured out what happened and restored Blue Check Twitter's abilities to tweet later that evening. But the damage had already been done.

Obviously, none of the people who sent bitcoin to this benevolent-turned-malevolent account received a satoshi of bitcoin back. But more than people losing bitcoin, I think a lot of people have lost some trust in the security of Twitter's platform. But that's not where the story ends. And, actually, this is not where the story begins either.

The story begins with how the hacking occurred. And it appears that the hacking occurred through the use of social engineering. If you are not familiar with social engineering, it is essentially a tactic whereby one manipulates individuals into disclosing confidential or sensitive information. Every time I see one of those prompts on social media about your "stripper name" (the ones that ask for the name of your first pet and your favorite food), I instantly think of social engineering. The answers to these questions are oftentimes the answers to security questions that are needed to access accounts when a password is lost or forgotten. The AARP has a great podcast series on scams that is cohosted by Frank Abagnale (from Catch Me If You Can) and talks about social engineering a lot. I highly recommend it.

Anyhow, Twitter has said that some of its employees with access to "internal systems and controls" were the victims of social engineering, and that's how the hackers gained access to all these accounts. But there are also reports that some of its employees were bribed (awkward). Only time will reveal what actually happened but the whole thing is both fascinating and terrifying. And lawmakers on both the legislative and regulatory sides are already calling for investigations. The FBI's San Francisco Division has already opened an investigation and the New York Department of Financial Services is likely moving in that direction, too. A security breach like this is a HUGE deal and lawmakers will want answers for how this happened and what will be done to keep something like this from happening again (election year, anyone?). Other large social media platforms will likely also feel some of the fallout from this incident.

In case you're wondering, the hackers made off with approximately $100,000 in bitcoin. That's not a lot of bitcoin when you think about the effort that went into this hack. This makes me believe that maybe the point wasn't to make money but to make a point (*shivers*). What do you think? Let me know at info@blockchainblawg.com or on Twitter (lol) at @blockchainblawg.
