{"id":1321,"date":"2020-07-28T10:27:15","date_gmt":"2020-07-28T10:27:15","guid":{"rendered":"https:\/\/cryptolinks.com\/news\/?p=1321"},"modified":"2022-04-05T09:19:18","modified_gmt":"2022-04-05T09:19:18","slug":"how-culpable-is-bitcoin-in-the-twitter-hack","status":"publish","type":"post","link":"https:\/\/cryptolinks.com\/news\/how-culpable-is-bitcoin-in-the-twitter-hack","title":{"rendered":"How Culpable Is Bitcoin in The Twitter Hack?"},"content":{"rendered":"

There is nothing new about Bitcoin being in the tabloids for the wrong reasons. As such, there were no real alterations in the price performance of the digital asset when news broke that hackers had breached Twitter\u2019s security and launched a scam involving bitcoin. Regardless of the inconsequential nature of the actions of these hackers on the price of bitcoin<\/a>, we, however, need to explore all loose ends. Chief among them is the fact that pundits have tried to twist the narrative and play on bitcoin\u2019s reputation<\/a>. in this article, I will analyze the events that trailed the attack as well as their implications<\/span><\/p>\n

Is Bitcoin the Enemy?<\/span><\/h2>\n

\"Is<\/p>\n

On July 15, we witnessed one of the worst cybersecurity incidents in recent memory when hackers successfully infiltrated Twitter, hijacked the accounts of high-profile personalities, and went on to initiate a giveaway scam. At the end of this fiasco, the hacker had carted away with over $100,000 worth of bitcoin, in what seems to be an uncoordinated attempt to milk a security loophole. Rather than capitalize on the illegal access to the personal data and identities of powerful individuals on twitter and push for a political undertone, the hackers appeared to be content with raking in a few bucks here and there. This move suggested that the plan was hurriedly put together.<\/span><\/p>\n

Following this attack, Twitter, through a<\/span> blog post<\/span><\/a>, acknowledged that the hack was a result of a security breach that might have involved a social engineering scheme targeted at some of its employees. The blog reads:<\/span><\/p>\n

\u201cAt this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. The attackers successfully manipulated a small number of employees and used their credentials to access Twitter\u2019s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.\u201d<\/span><\/p>\n

In the immediate aftermath of this infamous attack, media platforms like the New York Times and BBC began to tag the incident as a Bitcoin or Crypto scam. Here lies the bone of contention. This attack was never about bitcoin. Therefore, it made no sense that the digital asset was in the spotlight when the real culprit is Twitter. There is no reason why Bitcoin should get the stick. As noted by Samantha Yap on<\/span> Cointelegraph<\/span><\/a>, bitcoin is not to blame for Twitter\u2019s vulnerable security system. She stated:<\/span><\/p>\n

\u201cTo have \u201cBitcoin\u201d and \u201cscam\u201d used in the same breath in the global media may feel like all the work that\u2019s gone into building trust for this revolutionary technology since its creation in 2009 has been for nothing. This is even more reason why companies and their communication teams must turn the publicity Bitcoin is getting now into a positive for the industry\u2026 Twitter is a centralized organization; it holds all users\u2019 data and accounts in one place. For the hackers to gain access to this many Twitter accounts, they would have to break into Twitter\u2019s centralized database. Let\u2019s spell it out clearly: Hackers broke into Twitter\u2019s database and compromised high-profile accounts to ask for Bitcoin.\u201d<\/span><\/p>\n

In the same vein, Anil Lulla, co-founder of Delphi Digital, in a<\/span> discussion panel convened by CoinDesk<\/a><\/span>, opined that he does not expect the hack to reinforce existing biases against digital assets. He explained:<\/span><\/p>\n

\"Anil

Anil Lulla, co-founder of Delphi Digital<\/p><\/div>\n

\u201cThis is a wider topic. People have predetermined biases. Most people in the space by now have been open-minded enough to understand this. Of course, there\u2019s always going to be a subset of people who always look for information that will always support their biases or their positions. But at the end of the day, I don\u2019t think it fundamentally changes anything. It really hasn\u2019t changed anything so far.\u201d<\/span><\/p>\n

Instead, Lulla expects this cybersecurity mishap to shed a positive light on Bitcoin. He added:<\/span><\/p>\n

\u201cI believe there are some positive benefits to Bitcoin. Anyone who works in crypto got messages from friends and family asking what the scam is all about. They were curious to know when they saw the word \u201cBitcoin\u201d on TV. So maybe this is an opportunity for us to explain how Bitcoin works. We can outline that this isn\u2019t a Bitcoin scam and it was not hacked; Twitter got hacked. Obviously, it is going to increase attention, though whether that\u2019s good or bad is up in the air. These little things shouldn\u2019t really affect the fundamentals of Bitcoin.\u201d<\/span><\/p>\n

Twitter Under Fire<\/span><\/h2>\n

Many of the prominent crypto proponents, who have lent their voice to this conversation, believe that Twitter\u2019s recent security crisis is a prime example of why centralized systems are becoming redundant. It is frightening to discover that twitter delegates god-like access to its employees, which allows them to not only override the 2FA protection of accounts but also to tweet on behalf of users. The chief security officer and vice president of LogRhytm Labs, James Carder<\/span> raised<\/span> this argument and criticized the decision to favor such a flawed system framework:<\/span><\/p>\n

\u201cThis hack also brings into concern why \u2014 in the first place \u2014 Twitter granted its employees with the functionality to tweet on behalf of their customers. It is clear that social media organizations need the ability to manage accounts, and particularly the ability to take down offensive or inappropriate content, the employees should not have access to post an entirely unique Tweet on a user\u2019s behalf. This points to a likely case of too much functionality available in the platform and not enough robust controls.\u201d<\/span><\/p>\n

Blair Dunbar, Kaspersky\u2019s threat research and security intelligence communications officer,<\/span> noted<\/span> these discrepancies when he told Cointelegraph:<\/span><\/p>\n

\u201cTwitter wrote that several of its employees were victims of the attack. This suggests that the criminals attempted to gain access to the platform\u2019s infrastructure through their accounts. In addition, the fact that the criminals were able to immediately gain access to such a large number of accounts suggests that something internal in the system was compromised.\u201d<\/span><\/p>\n

Like Dunbar, Changpeng Zhao, CEO of Binance<\/a>, also reached a similar conclusion. He questioned Twitter\u2019s proficiency in security systems, considering how easy it was to override the platform\u2019s 2FA protection. CZ asserted:<\/span><\/p>\n

\"Changpeng

Changpeng Zhao, CEO of Binance<\/p><\/div>\n

\u201cWe believe this is a good wake up call for all social media platforms to revamp their security practices given the increased adoption of cryptocurrencies. Social media platforms are no longer just a place to share a selfie, it can and will be used for financial transactions and even crime. Stronger security needs to be built into these platforms\u2026 Twitter added the 2FA feature not long ago, but its implementation is flawed and leaves the ability for an attacker who brute-force attacks your account to lock the original owner out of the account. It even resets 2FA and email addresses, which defeats the purpose of 2FA. I tweeted about this less than a month and a half ago.\u201d<\/span><\/p>\n

In response to this unfortunate incident, the U.S. Federal Bureau of Investigation, FBI, has moved to<\/span> investigate<\/span><\/a> this hack, considering how such vulnerabilities could have caused a nationwide panic. Likewise, the governor of New York, Andrew Cuomo, has urged the state\u2019s Department of Financial Services to probe all parties involved. According to<\/span> New York Post<\/span><\/a>, Cuomo stated that \u201cforeign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can.\u201d<\/span><\/p>\n

New York Attorney General, Letitia James, also took a<\/span> similar stance<\/span><\/a> and will lead a separate investigation of the events that led to the security breaches recorded on July 15. He stated:<\/span><\/p>\n

\u201cCountless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders. Last night\u2019s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.\u201d<\/span><\/p>\n

All Eyes on The Loot<\/span><\/h2>\n

For some reason, the hacker opted for bitcoin as the currency of choice. One thing is clear, the bitcoin network is big on transparency, and every transaction executed on it is traceable via specialized tools. And so, it comes as a surprise that the attacker would risk being tracked by law enforcement agencies. However, this could be all part of the plan. As noted by cybersecurity analytic firms like<\/span> CipherTrace<\/span><\/a> and Chainalysis, the hacker has begun to move bits and pieces of the loot to obfuscate the money trail.<\/span><\/p>\n

As expected, this tactic involves the use of mixers, coin swap services, and unregulated crypto exchanges<\/a>. Nonetheless, these strategies do not necessarily mean that these funds are untraceable. Maddie Kennedy, a Chainalysis spokesperson<\/a>, mentioned that it is often possible to trace stolen funds even if the culprit attempts to use mixers to go off the radar. According to Tom Robinson, the chief scientist and co-founder of Elliptic, it is “very difficult to mask all your activity when you\u2019re using a system that\u2019s as transparent as Bitcoin.\u201d He added:<\/span><\/p>\n

\"Tom

Tom Robinson, the chief scientist and co-founder of Elliptic<\/p><\/div>\n

\u201cIt’s likely the hackers will be able to cash out in some way, [but] the question is whether they will be able to do so in a way that cannot be traced back to them.\u201d<\/span><\/p>\n

What Role Did Exchanges Play in All of His?<\/span><\/h2>\n
\"What

What Role Did Exchanges Play in All of His<\/p><\/div>\n

On the day of the attack, exchanges initiated various measures to prevent their users from falling victim to the scam. Coinbase<\/a>, the largest crypto exchange in the U.S. and owner of one of the twitter accounts hacked, opted to blacklist the bitcoin address attached to the now-infamous tweets when it realized that 14 customers had already begun to fall for the scam and sent $3,000 worth of bitcoin to the said address. Per the data released, Coinbase managed to thwart the fraud, to an extent, by preventing about 1,100 of its users from sending over $280,000 worth of bitcoin to the hacker\u2019s address. Findings show that the same tactic was employed by other prominent exchanges.<\/span><\/p>\n

A particular exchange that was vocal about this development is Kraken. Jesse Powell, chief executive of Kraken,<\/span> highlighted<\/span><\/a> that the \u201chack shows that security is about layers of protection.\u201d And there is the need to adopt advanced surveillance systems to avoid a recurrence of such attacks:<\/span><\/p>\n

“Somebody has to be watching the admins and setting up alerts to watch for these vulnerabilities. The Twitter hack was a more widespread event, but scams of this nature are not new. Kraken proactively monitors for this type of activity and blocks certain addresses that we come across. Like any other scam, we proactively blocked the addresses<\/a> from the Twitter hack earlier this week.”<\/span><\/p>\n

Also, London-based Luno has moved to educate its users on the importance of identifying scams and ways to spot them. Marcus Swanepoel, chief executive of Luno, said in an email:<\/span><\/p>\n

\"Marcus

Marcus Swanepoel, chief executive of Luno<\/p><\/div>\n

“We have taken some in-app steps to avoid our customers becoming the victim of scams including blacklisting known scam addresses and also a pop-up scam warning box if we detect they are about to transfer funds to a known scam address. If it sounds too good to be true, then it generally is.”<\/span><\/p>\n

Although blacklisting accounts is a common trope in the traditional financial scene, it is not particularly popular in the crypto industry. As soon as the report revealed the measures exchanges adopted to foil the hacker\u2019s plan, skeptics were quick to register their thoughts on the issue. To them, the actions of these exchanges go against everything bitcoin and decentralization stand for. On the one hand, the fundamental of bitcoin is at stake<\/a>. On the other hand, the inactions of exchanges pose a threat to crypto holders. Therefore, it is left for participants to choose which is the most important.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

There is nothing new about Bitcoin being in the tabloids for the wrong reasons. As such, there were no real alterations in the price performance of the digital asset when news broke that hackers had breached Twitter\u2019s security and launched a scam involving bitcoin. Regardless of the inconsequential nature of the actions of these hackers […]<\/p>\n","protected":false},"author":1,"featured_media":1324,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1321","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/posts\/1321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/comments?post=1321"}],"version-history":[{"count":6,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/posts\/1321\/revisions"}],"predecessor-version":[{"id":2046,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/posts\/1321\/revisions\/2046"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/media\/1324"}],"wp:attachment":[{"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/media?parent=1321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/categories?post=1321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptolinks.com\/news\/wp-json\/wp\/v2\/tags?post=1321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}