
Twitter hack

$794K SIM swap hacker PlugwalkJoe sentenced to five years in prison

The hacker managed to steal $794,000 worth of crypto from an exchange via a SIM swap attack on an exec, but ultimately he didn’t cover his tracks well.

British hacker Joseph O’Connor, also known online as PlugwalkJoe, has been sentenced to five years in U.S. prison for his role in stealing $794,000 worth of cryptocurrency via a SIM swap attack on a crypto exchange executive back in April 2019.

O’Connor was initially arrested in Spain in July 2021 and was extradited to the U.S. on April 26, 2023. In May he pled guilty to a slew of charges relating to conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and conspiracy to commit money laundering, to name a few.

The prison sentence was highlighted in a June 23 statement from the U.S. Attorney's Office of the Southern District of New York.

“In addition to the prison term, O’Connor was sentenced to three years of supervised release. O’Connor was further ordered to pay $794,012.64 in forfeiture,” the statement reads.

The hacked crypto exec has not been named. However, after SIM swapping them, O’Connor gained unauthorized access to accounts and computing systems belonging to the exchange that the exec worked at.

“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services.”

“Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” the statement adds.

O’Connor’s sentence also covers offenses relating to the major Twitter hack of July 2020, which ultimately fetched him and his crew around $120,000 worth of ill-gotten crypto gains.

The hackers deployed a series of “social engineering techniques” and SIM-swapping attacks to hijack around 130 prominent Twitter accounts, along with two large accounts on TikTok and Snapchat.

“In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others,” the statement reads.

As part of this scheme, O’Connor attempted to blackmail the Snapchat victim by threatening to publicly release private messages if they didn’t make posts promoting O’Connor’s online persona.

Additionally, O’Connor also “stalked and threatened” a victim, and “orchestrated a series of swatting attacks” on them by falsely reporting emergencies to authorities.

SIM swaps are still a big issue

A SIM swap attack involves a bad actor taking control of a victim’s phone number by linking it to another SIM card controlled by them.

As a result, the bad actors can then re-route the victim’s calls and messages to a device controlled by them, and gain access to any accounts the victim uses SMS-based two-factor authentication on.

The scheme is generally used to dupe followers of prominent accounts into clicking phishing links that ultimately end up swiping their crypto assets.

Despite O’Connor’s antics occurring roughly three years ago, SIM swapping attacks continue to be a significant issue in the crypto sector.

Earlier this month blockchain sleuth ZachXBT identified a group of scammers that SIM-swapped at least eight accounts belonging to well-known figures in crypto, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki and Bitcoin Magazine editor Pete Rizzo.

According to ZachXBT, the group stole almost $1 million by promoting phishing links from the hacked accounts.

Ripple To File Response to SEC’s $2,000,000,000 Penalty Request Within a Week, Says the Payments Firm’s CLO

400M Twitter users’ data is reportedly on sale in the black market

The private contact information of Ethereum co-founder Vitalik Buterin, Shark Tank host Kevin O'Leary and Mark Cuban is among the data purportedly for sale.

Data on 400 million Twitter users, containing private emails and linked phone numbers, has reportedly been put up for sale on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is supposedly selling a private database containing contact information of 400 million Twitter user accounts. 

“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”

Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, an “independent verification of the data itself appears to be legitimate.”

Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer there.

If found true, the breach could be a significant cause for concern for crypto Twitter users, particularly those who operate under a pseudonym.

However, some users have highlighted that such a large-scale breach is hard to believe, given that the current amount of active monthly users reportedly sits at around 450 million.

At the time of writing, the purported hacker still has a post up on Breached advertising the database to buyers. It also has a specific call to action for Elon Musk to pay $276 million to avoid having the data sold and facing a fine from the General Data Protection Regulation agency.

If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”

Hacker's database ad: Breached

The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter in which an application programming interface vulnerability from Jun. 2021 was exploited before it was patched in January this year. The bug essentially allowed hackers to scrape private info which they then compiled into databases to sell on the dark web.

Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as much as 17 million users, according to a Nov. 27 report from Bleeping Computer.

The dangers of having such info leaked online include targeted phishing attempts via text and email, SIM swap attacks to get ahold of accounts and the doxing of private information.

People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely, and also using a private, self-hosted crypto wallet.

British Army’s Social Media Accounts Hacked to Promote Bitcoin Giveaways, Crypto Scams

The British Army’s official YouTube and Twitter accounts were compromised Sunday and hackers used them to promote crypto, including bitcoin and ether giveaway scams featuring Tesla CEO Elon Musk.

British Army’s Social Media Accounts Used to Promote Bitcoin, Crypto, NFT Scams

The British Army confirmed Sunday that its official YouTube and Twitter accounts were breached. […]

Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account

Links posted to a fake Louis Vuitton non-fungible token (NFT) raffle were made to capitalize on a recent real collaboration between Beeple and the luxury fashion brand.

Digital artist and popular non-fungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday, May 22 as part of a phishing scam.

Harry Denley, a Security Analyst at MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were in fact a phishing scam that would drain the crypto out of users' wallets if clicked.

The scammers were likely looking to capitalize on a real recent collaboration between Beeple and Louis Vuitton. Earlier in May, Beeple designed 30 NFTs for the luxury fashion brand’s “Louis The Game” mobile game which were embedded as rewards to players.

The scammer continued to post phishing links from Beeple’s Twitter account leading to fake Beeple collections, luring in unsuspecting users with the promise of a free mint for unique NFTs.

The phishing links were up on Beeple’s Twitter for around five hours and on-chain analysis of one of the scammers' wallets shows the first phishing link scored them 36 Ethereum (ETH) worth roughly $73,000 at the time.

The second link netted the scammers around $365,000 worth of ETH and NFTs from high-value collections such as the Mutant Ape Yacht Club, VeeFriends, and Otherdeeds, among others, bringing the grand total value stolen from the scam to around $438,000.

On-chain data shows the scammer selling the NFTs on OpenSea and putting their stolen ETH into a crypto mixer in an attempt to launder the gains.

Beeple later tweeted that he had regained control of his account and reminded his followers that “anything too good to be true IS A F*CKING SCAM.”

Beeple has created three of the top ten most expensive NFTs sold to date including one which sold for $69.3 million, the most expensive ever sold to a sole owner. This attention has made him a target for hacks.

In November 2021, an admin account on Beeple’s Discord was hacked with scammers there also promoting a similarly fake NFT drop which resulted in users losing around 38 ETH.

Earlier this month, cybersecurity firm Malwarebytes released a report which highlighted a rise in phishing attempts as scammers try to cash in on NFT hype. The firm noted the use of fraudulent websites depicted as legitimate platforms is the most common tactic used by scammers.

ESPN’s baseball reporter’s Twitter account hacked by NFT scammers

The hackers hijacked the popular reporter’s account in an attempt to promote giveaways for the Skulltoons NFT project by duping users into clicking a malicious link.

In what ESPN Major League Baseball reporter Jeff Passan called the “biggest news day” of his life, scammers hijacked his Twitter account to promote an NFT giveaway.

With the MLB and the Players Association (MLBPA) engaged in a long-winded deadlock over a labor deal that resulted in canceled games, Passan had just broken news regarding an important agreement between the two parties concerning the international draft.

However, with eyeballs waiting on the next development from Passan, his account suddenly started promoting giveaways for the Skulltoons NFT project. His username was also changed to “Jeff.eth” while his profile picture depicted artwork from the NFTs and his bio read “NFT Enthusiast, MLB Insider, Father, Husband, Mod for @skulltoonsNFT, @Azukizen, @thugbirdz”

The tweets (which have since been deleted and salvaged via screenshots) noted that Passan had partnered with Skulltoons to give away 20 presale spots for an upcoming drop on March 20, and of course, people needed to click on a nefarious-looking link to get a chance of winning.

Following reports of the hack circulating online, the team behind Skulltoons distanced themselves from the hacker’s posts as they warned the community to be wary of scams:

“Looks like Jeff Passan got hacked by someone trying to scam our community… We are not affiliated with Jeff in any capacity. We hope that he’s able to get his Twitter back ASAP.”

The hack didn’t last long, with ESPN reportedly moving fast to get Passan’s account back within two hours. To announce his return, Passan changed his Twitter background to a white image that simply read “I’m back,” in reference to the famous quote from NBA icon Michael Jordan when he came out of retirement to play for the Chicago Bulls for a second stint.

Hackers often attempt to hijack popular social media accounts in a bid to dupe followers into thinking they are seeing legitimate promotions from people they support. Cointelegraph reported in late January that dozens of YouTube accounts such as BitBoy Crypto, Altcoin Buzz, Box Mining, Floyd Mayweather, Ivan on Tech, and The Moon were hacked to promote crypto scams.

Crypto exchange’s Twitter gets hacked by ‘disgruntled employee’

Latoken’s Twitter account started publishing accusations of scams and mistreating employees.

The Twitter account of the Russian crypto exchange Latoken seems to have been breached by a hacker who started posting allegations that the exchange is a scam. According to the posts, the exchange is promoting “scam IEOs” and misleading its customers. 

The profile picture of the account was also changed to a scam warning image, while the Twitter page’s bio was edited to “LATOKEN is the leading SCAM platform!” According to the hacker, the exchange treats employees unfairly and also fires employees for no reason.

The hacker has also accused the exchange of deliberately trying to “scam money out of projects” and promising 100%–500% growth without delivering. The hacker also called Valentin Preobrazhensky, the founder of Latoken, a “liar” and a “face seller.”

Apart from Latoken, the official Twitter of LADEX, the company’s decentralized exchange project, was also compromised. The hacker posted a video of an online meeting showing the Latoken CEO screaming curses at someone in the call.

The hacker also highlighted Trustpilot’s review of Latoken, which is only two out of five stars. However, a warning message on Trustpilot says that the site detected misuse on Latoken’s page, stating that it has detected a number of fake reviews.

In response to the incident, Latoken’s official Telegram account published an update telling its users about the hack. The exchange said it believes the accusations to be the act of a “disgruntled employee” and that its team is in touch with Twitter support to fix the problem.

Several crypto YouTube accounts have faced a series of hacks recently. Hackers posted videos that instructed viewers to send money to the hacker’s wallet using the accounts of famous personalities such as BitBoy Crypto, Box Mining, Ivan on Tech and even boxing superstar Floyd Mayweather Jr. Luckily, many of the account owners were able to detect and remove the videos within minutes.

Back in 2020, a similar hack compromised the Twitter accounts of prominent individuals. The official accounts of Elon Musk, Kanye West, Bill Gates and others were hacked by a Bitcoin (BTC) thief who published posts claiming to double any crypto amount sent to a certain wallet address.
