On July 15, Twitter accounts belonging to well-known figures and celebrities including Barrack Obama, Joe Biden, Elon Musk, and Bill Gates were compromised to promote cryptocurrency scams. According to Twitter, social engineering was used to obtain access to employee accounts, and with the backend exposed, internal tools were then used to blast out cryptocurrency-related messages. In total, the cyberattackers manipulated accounts -- 45 of which were used to urge unwitting members of the public to send them BTC. Data belonging to eight accounts was also downloaded and stolen; however, Twitter does not believe the hackers were able to access cleartext passwords and so mass password resets are not required. In an attempt to contain the incident, Twitter temporarily stopped verified accounts from sending out any messages that appeared to contain Bitcoin wallet addresses. At the same time, cryptocurrency exchanges, too, took action. The addresses sent by the fraudsters were blacklisted by exchanges watching the saga unfold, which prevented those duped by the campaign from sending any of their cryptocurrency to wallets controlled by the threat actors. However, if Coinbase had not blacklisted the wallet address within minutes of the scam beginning, this could have been far worse. Speaking to Forbes , Coinbase chief information security officer Philip Martin said the exchange, which accounts for roughly 35 million users worldwide, stopped customers from sending a total of
The bitcoin and cryptocurrency community, fiercely protective of its privacy, has been rocked by a massive data breach that's seen the personal information of over , bitcoin and cryptocurrency users published online. The data, stolen from popular France-based bitcoin and cryptocurrency hardware wallet Ledger in a July hack, was last week published on RaidForums, a marketplace for buying, selling, and sharing hacked information. Many bitcoin and cryptocurrency investors have since been subject to a barrage of phishing attempts with scammers using the data to try to trick users into handing over the keys to their bitcoin and crypto wallets—revealing bitcoin's greatest weakness is the companies that help people store and trade it. Bitcoin and cryptocurrency investors are often subject to phishing attacks, with scammers keen to The hacked data includes customer email addresses, full names, phone numbers and postal addresses, according to Ledger. A vulnerability on the Ledger website allowed a "unauthorized third party" to access the company's e-commerce and marketing database before it was spotted by a researcher participating in Ledger's bounty program. Stop forcing companies to collect hackable jackpots of know-your-customer KYC data," Balaji Srinivasan, technology angel investor and former chief technology officer at U. Regulations and tax requirements require companies to store certain information on their customers, often for many years.
Follow The Verge online:
Coinbase , one of the largest cryptocurrency exchanges, added about 1. In the same period, Blockchain. Many are newcomers, unaware of the risks and security holes in the complicated yet lucrative world of cryptocurrency, making them easy prey for hackers and cyberthiefs. One common crime that's carried out on cryptocurrency investors is the phone-porting attack. Hackers snoop around social media, looking for cryptocurrency conversations in which investors post their phone and email for easy contact. Then, posing as the victim, they call up the phone provider in an attempt to fool the customer service representative into transferring the phone number to a device they control. Once the hackers take over the phone number, they can go into the victim's cryptocurrency exchange account by resetting the password, ultimately stealing cryptocurrencies from the account. A cellphone number is not the only point of weakness.