Blue Check Twitter + Bitcoin

As we know, 2020 has been the year of endless headlines. Every week, multiple wild stories that no one could have ever imagined lead the headlines. The tweets likening 2020 to a game of Jumanji feel spot-on. One of this week's Jumanji headlines involves my favorite social media platform (Twitter), my favorite topic (fraud/social engineering), and my favorite digital asset (bitcoin). If you haven't heard about this story yet, you're welcome!

I'd like to preface this by saying that a few of our political, technological, financial and entertainment faves (including some who were targeted in this hack) have denounced bitcoin and other cryptocurrencies as fraudulent. For some reason, that adds to my amusement surrounding this story.

It all started on July 15. A number of accounts owned by very public supporters of bitcoin tweeted variations of the same message that essentially instructed followers to 1) visit a particular website, 2) send a certain amount of bitcoin to a particular address, and 3) wait to receive a certain amount of bitcoin (at least double what was sent) at the address from which they sent the initial bitcoin.

After some success, the hackers then moved on to verified (blue check) Twitter accounts owned by those political, technological, financial and entertainment faves. President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, Kanye West, Apple, Uber. The list goes on but you get the point--famous people/entities with large Twitter followings. These accounts, affectionately referred to as "Blue Check Twitter," began to tweet out similar messages--send bitcoin to a particular address and get more bitcoin in return. At some point, Twitter caught on to this widespread hacking and they disabled Blue Check Twitter's ability to tweet while they got a handle on the situation. And this freeze wasn't just placed on affected accounts--this was all verified accounts. Eventually, Twitter figured out what happened and restored Blue Check Twitter's ability to tweet later that evening. But the damage had already been done.

Obviously, none of the people who sent bitcoin to this benevolent-turned-malevolent account received a satoshi of bitcoin back. But more than people losing bitcoin, I think a lot of people have lost some trust in the security of Twitter's platform. But that's not where the story ends. And, actually, this is not where the story begins either.

The story begins with how the hacking occurred. And it appears that the hacking occurred through the use of social engineering. If you are not familiar with social engineering, it is essentially a tactic whereby one manipulates individuals into disclosing confidential or sensitive information. Every time I see one of those prompts on social media about your "stripper name" (the ones that ask for the name of your first pet and your favorite food), I instantly think of social engineering. The answers to these questions are oftentimes the answers to security questions that are needed to access accounts when a password is lost or forgotten. The AARP has a great podcast series on scams that is cohosted by Frank Abagnale (from Catch Me If You Can) and talks about social engineering a lot. I highly recommend it.

Anyhow, Twitter has said that some of its employees with access to "internal systems and controls" were the victims of social engineering, and that's how the hackers gained access to all these accounts. But there are also reports that some of its employees were bribed (awkward). Only time will reveal what actually happened but the whole thing is both fascinating and terrifying. And lawmakers on both the legislative and regulatory sides are already calling for investigations. The FBI's San Francisco Division has already opened an investigation and the New York Department of Financial Services is likely moving in that direction, too. A security breach like this is a HUGE deal and lawmakers will want answers for how this happened and what will be done to keep something like this from happening again (election year, anyone?). Other large social media platforms will likely also feel some of the fallout from this incident.

In case you're wondering, the hackers made off with approximately $100,000 in bitcoin. That's not a lot of bitcoin when you think about the effort that went into this hack. This makes me believe that maybe the point wasn't to make money but to make a point (*shivers*). What do you think? Let me know at info@blockchainblawg.com or on Twitter (lol) at @blockchainblawg.
