
CRYPTO SCAM 2020

Group 4
Smriti Thakur – 339/2021, Saurav Sharma – 342/2021, Sahil Dhiman – 345/2021, Yashika Narula – 350/2021, Madhurta Uppal – 351/2021
What happened?
• Between 20:00 and 22:00 UTC on July 15,
2020, reportedly 130 high-profile Twitter
accounts were compromised by third parties to
promote a bitcoin scam.
• The scam tweets asked people to send bitcoin
currency to a specific cryptocurrency wallet,
with the Twitter user promising that the money
would be doubled and returned as a charitable
gesture.
• Within minutes of the initial tweets, more
than 320 transactions had already taken place
on one of the wallet addresses, and bitcoin to a
value of more than US$110,000 had been
deposited in one account before the scam
messages were removed by Twitter.
How?
The scammers gained access to a Twitter administrative tool, also known as an "agent
tool," that allowed them to change various account-level settings of some of the
compromised accounts, including confirmation emails for the account.

This enabled them to configure email addresses from which any other user with
access to that email account could initiate a password reset and post the tweets.
According to Vice, the hackers paid insiders at Twitter to gain access to the
administrative tool in order to pull this off.

The scammers used a Bitcoin wallet to remain untraceable.

Twitter later confirmed that the scam used social engineering.

Multifactor authentication got bypassed.
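
The account-takeover path described above (a support agent changes an account's email address, then a password reset follows) can be looked for in admin-tool audit logs. The following is an added example, not part of the original slides and not Twitter's code; the log schema, actor names, time window and threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log for a hypothetical support tool (not real data):
# (UTC timestamp, actor, action, target account)
EVENTS = [
    ("2024-01-01T20:01:00", "agent_a", "email_change",   "acct_1"),
    ("2024-01-01T20:02:30", "self",    "password_reset", "acct_1"),
    ("2024-01-01T20:04:00", "agent_a", "email_change",   "acct_2"),
    ("2024-01-01T20:05:10", "self",    "password_reset", "acct_2"),
    ("2024-01-01T20:07:00", "agent_a", "email_change",   "acct_3"),
    ("2024-01-01T20:09:00", "self",    "password_reset", "acct_3"),
    ("2024-01-01T09:00:00", "agent_b", "email_change",   "acct_4"),
    ("2024-01-04T09:00:00", "self",    "password_reset", "acct_4"),  # 3 days later
    ("2024-01-01T21:00:00", "self",    "password_reset", "acct_5"),  # no email change
]

def find_chains(events, window=timedelta(minutes=30)):
    """Return (agent, account, delay) where a staff email change is followed
    by a password reset on the same account within `window`."""
    last_change = {}  # account -> (time, agent) of most recent staff email change
    chains = []
    for ts, actor, action, account in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if action == "email_change" and actor != "self":
            last_change[account] = (when, actor)
        elif action == "password_reset" and account in last_change:
            changed_at, agent = last_change.pop(account)
            if when - changed_at <= window:
                chains.append((agent, account, when - changed_at))
    return chains

def flag_agents(chains, min_accounts=3):
    """Agents whose email changes preceded resets on many distinct accounts."""
    per_agent = defaultdict(set)
    for agent, account, _ in chains:
        per_agent[agent].add(account)
    return {a: sorted(accts) for a, accts in per_agent.items()
            if len(accts) >= min_accounts}

if __name__ == "__main__":
    chains = find_chains(EVENTS)
    for agent, account, delay in chains:
        print(f"{agent} changed email on {account}; reset followed after {delay}")
    print("flagged:", flag_agents(chains))
```

The routine change by agent_b and the self-service reset on acct_5 are not reported; only the agent whose email changes were each followed by a quick reset across several accounts is flagged.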


Attack Technique
• The attackers successfully manipulated a small
number of employees and used their credentials
to access Twitter's internal systems, including
getting through Twitter's two-factor protections.
At that point, Twitter knew that the attackers had
accessed tools only available to its internal
support teams.
• Twitter had been able to further confirm by July
30 that the method used was what they called a
"phone spear phishing attack".
• They initially used social engineering to breach
the credentials of lower-level Twitter employees
who did not have access to the admin tools, and
then using those employee accounts, engaged in
additional social engineering attacks to get the
credentials to the admin tools from employees
who did have authorization for their use.
• 1500 Twitter employees and partners had access
to the admin tools that allowed accounts to be
reset, as had been done during the incident.
• Former members of Twitter's security
departments stated that since 2015, the company
was alerted to the potential for an inside attack
and other cybersecurity measures, but these were
put aside in favor of more revenue-generating
initiatives.
Aftermath:
Twitter had to fix gaps in the company's security awareness program.

Twitter faced huge fines under the European GDPR and the US FTC.

Twitter users lost USD 118K in two days.

Twitter locked accounts and secured internal access.

Twitter individually contacted victims to help them regain access.

Twitter provided updates about the scam through blog posts.
