Cryptolinks by Nate Urbas Crypto Trader, Bitcoin Miner, Holder

How Culpable Is Bitcoin in The Twitter Hack?

28 July 2020
There is nothing new about Bitcoin being in the tabloids for the wrong reasons. As such, there were no real alterations in the price performance of the digital asset when news broke that hackers had breached Twitter’s security and launched a scam involving bitcoin. Although the hackers’ actions had no meaningful effect on the price of bitcoin, we still need to explore all loose ends. Chief among them is the fact that pundits have tried to twist the narrative and play on bitcoin’s reputation. In this article, I will analyze the events that trailed the attack as well as their implications.

Is Bitcoin the Enemy?

On July 15, we witnessed one of the worst cybersecurity incidents in recent memory when hackers successfully infiltrated Twitter, hijacked the accounts of high-profile personalities, and went on to initiate a giveaway scam. At the end of this fiasco, the hacker had carted away over $100,000 worth of bitcoin, in what seems to be an uncoordinated attempt to milk a security loophole. Rather than capitalize on the illegal access to the personal data and identities of powerful individuals on Twitter and push a political agenda, the hackers appeared to be content with raking in a few bucks here and there. This move suggested that the plan was hurriedly put together.

Following this attack, Twitter, through a blog post, acknowledged that the hack was a result of a security breach that might have involved a social engineering scheme targeted at some of its employees. The blog reads:

“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.”

In the immediate aftermath of this infamous attack, media platforms like the New York Times and BBC began to tag the incident as a Bitcoin or Crypto scam. Here lies the bone of contention. This attack was never about bitcoin. Therefore, it made no sense that the digital asset was in the spotlight when the real culprit is Twitter. There is no reason why Bitcoin should get the stick. As noted by Samantha Yap on Cointelegraph, bitcoin is not to blame for Twitter’s vulnerable security system. She stated:

“To have “Bitcoin” and “scam” used in the same breath in the global media may feel like all the work that’s gone into building trust for this revolutionary technology since its creation in 2009 has been for nothing. This is even more reason why companies and their communication teams must turn the publicity Bitcoin is getting now into a positive for the industry… Twitter is a centralized organization; it holds all users’ data and accounts in one place. For the hackers to gain access to this many Twitter accounts, they would have to break into Twitter’s centralized database. Let’s spell it out clearly: Hackers broke into Twitter’s database and compromised high-profile accounts to ask for Bitcoin.”

In the same vein, Anil Lulla, co-founder of Delphi Digital, in a discussion panel convened by CoinDesk, opined that he does not expect the hack to reinforce existing biases against digital assets. He explained:

“This is a wider topic. People have predetermined biases. Most people in the space by now have been open-minded enough to understand this. Of course, there’s always going to be a subset of people who always look for information that will always support their biases or their positions. But at the end of the day, I don’t think it fundamentally changes anything. It really hasn’t changed anything so far.”

Instead, Lulla expects this cybersecurity mishap to shed a positive light on Bitcoin. He added:

“I believe there are some positive benefits to Bitcoin. Anyone who works in crypto got messages from friends and family asking what the scam is all about. They were curious to know when they saw the word “Bitcoin” on TV. So maybe this is an opportunity for us to explain how Bitcoin works. We can outline that this isn’t a Bitcoin scam and it was not hacked; Twitter got hacked. Obviously, it is going to increase attention, though whether that’s good or bad is up in the air. These little things shouldn’t really affect the fundamentals of Bitcoin.”

Twitter Under Fire

Many of the prominent crypto proponents who have lent their voice to this conversation believe that Twitter’s recent security crisis is a prime example of why centralized systems are becoming redundant. It is frightening to discover that Twitter delegates god-like access to its employees, which allows them not only to override the 2FA protection of accounts but also to tweet on behalf of users. The chief security officer and vice president of LogRhythm Labs, James Carder, raised this argument and criticized the decision to favor such a flawed system framework:

“This hack also brings into concern why — in the first place — Twitter granted its employees with the functionality to tweet on behalf of their customers. It is clear that social media organizations need the ability to manage accounts, and particularly the ability to take down offensive or inappropriate content, the employees should not have access to post an entirely unique Tweet on a user’s behalf. This points to a likely case of too much functionality available in the platform and not enough robust controls.”

Blair Dunbar, Kaspersky’s threat research and security intelligence communications officer, noted these discrepancies when he told Cointelegraph:

“Twitter wrote that several of its employees were victims of the attack. This suggests that the criminals attempted to gain access to the platform’s infrastructure through their accounts. In addition, the fact that the criminals were able to immediately gain access to such a large number of accounts suggests that something internal in the system was compromised.”

Like Dunbar, Changpeng Zhao, CEO of Binance, also reached a similar conclusion. He questioned Twitter’s proficiency in security systems, considering how easy it was to override the platform’s 2FA protection. CZ asserted:

“We believe this is a good wake up call for all social media platforms to revamp their security practices given the increased adoption of cryptocurrencies. Social media platforms are no longer just a place to share a selfie, it can and will be used for financial transactions and even crime. Stronger security needs to be built into these platforms… Twitter added the 2FA feature not long ago, but its implementation is flawed and leaves the ability for an attacker who brute-force attacks your account to lock the original owner out of the account. It even resets 2FA and email addresses, which defeats the purpose of 2FA. I tweeted about this less than a month and a half ago.”

In response to this unfortunate incident, the U.S. Federal Bureau of Investigation (FBI) has moved to investigate this hack, considering how such vulnerabilities could have caused a nationwide panic. Likewise, the governor of New York, Andrew Cuomo, has urged the state’s Department of Financial Services to probe all parties involved. According to the New York Post, Cuomo stated that “foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can.”

New York Attorney General Letitia James also took a similar stance and will lead a separate investigation of the events that led to the security breaches recorded on July 15. She stated:

“Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders. Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.”

All Eyes on The Loot

For some reason, the hacker opted for bitcoin as the currency of choice. One thing is clear: the bitcoin network is big on transparency, and every transaction executed on it is traceable via specialized tools. And so, it comes as a surprise that the attacker would risk being tracked by law enforcement agencies. However, this could be all part of the plan. As noted by cybersecurity analytics firms like CipherTrace and Chainalysis, the hacker has begun to move bits and pieces of the loot to obfuscate the money trail.

As expected, this tactic involves the use of mixers, coin swap services, and unregulated crypto exchanges. Nonetheless, these strategies do not necessarily mean that these funds are untraceable. Maddie Kennedy, a Chainalysis spokesperson, mentioned that it is often possible to trace stolen funds even if the culprit attempts to use mixers to go off the radar. According to Tom Robinson, the chief scientist and co-founder of Elliptic, it is “very difficult to mask all your activity when you’re using a system that’s as transparent as Bitcoin.” He added:

“It’s likely the hackers will be able to cash out in some way, [but] the question is whether they will be able to do so in a way that cannot be traced back to them.”

What Role Did Exchanges Play in All of This?

On the day of the attack, exchanges initiated various measures to prevent their users from falling victim to the scam. Coinbase, the largest crypto exchange in the U.S. and owner of one of the Twitter accounts hacked, opted to blacklist the bitcoin address attached to the now-infamous tweets when it realized that 14 customers had already begun to fall for the scam and sent $3,000 worth of bitcoin to the said address. Per the data released, Coinbase managed to thwart the fraud, to an extent, by preventing about 1,100 of its users from sending over $280,000 worth of bitcoin to the hacker’s address. Findings show that the same tactic was employed by other prominent exchanges.

One exchange that was vocal about this development is Kraken. Jesse Powell, chief executive of Kraken, highlighted that the “hack shows that security is about layers of protection” and that there is a need to adopt advanced surveillance systems to avoid a recurrence of such attacks:

“Somebody has to be watching the admins and setting up alerts to watch for these vulnerabilities. The Twitter hack was a more widespread event, but scams of this nature are not new. Kraken proactively monitors for this type of activity and blocks certain addresses that we come across. Like any other scam, we proactively blocked the addresses from the Twitter hack earlier this week.”

Also, London-based Luno has moved to educate its users on the importance of identifying scams and ways to spot them. Marcus Swanepoel, chief executive of Luno, said in an email:

“We have taken some in-app steps to avoid our customers becoming the victim of scams including blacklisting known scam addresses and also a pop-up scam warning box if we detect they are about to transfer funds to a known scam address. If it sounds too good to be true, then it generally is.”

Although blacklisting accounts is a common trope in the traditional financial scene, it is not particularly popular in the crypto industry. As soon as the report revealed the measures exchanges adopted to foil the hacker’s plan, skeptics were quick to register their thoughts on the issue. To them, the actions of these exchanges go against everything bitcoin and decentralization stand for. On the one hand, the fundamentals of bitcoin are at stake. On the other hand, inaction by exchanges poses a threat to crypto holders. Therefore, it is left to participants to choose which is more important.
