Biggest hack in Twitter (TWTR.Q) history highlights developments in cyber-crime tracking

Twitter (TWTR.Q) got hacked earlier this week in what is probably one of the most brazen incidents of phishing since the technique was first recognized, but it’s not just the phishing scam—which by and large was fairly transparent—but the who and what that got hacked that made it so significant. Jack Dorsey’s going to have some tough questions to answer before long, but that’s not why we’re here.

Here’s Twitter-user @aid8nn with a truncated list:

As usual, Twitter is full of idiots with opinions, egos and agendas—some shouting that something this size couldn’t possibly be a disaffected, bored kid in his mother’s basement, but the culmination of a massive government sized operation designed to send a message.

Others have pointed out that the person or persons involved were fairly unprepared, or maybe even inexperienced, given the scope of the hack and the lack of forethought involved. There’s the suggestion that if the hack had been carried out by an organized group such as a nation state, it would have been much better organized and far more carefully targeted.

One half could have included this type of message to draw in some percentage of bitcoin, and the other half could have used one-time actual phishing messages verified by these high profile legitimate accounts, which would expand further access to do more downstream damage.

A bitcoin address tied to the scam website’s message has collected more than 0.65 BTC in proceeds, worth roughly $6,000.

Regardless of who the actual hackers were and whether or not they’re caught—the point about security remains. And it’s not just about security for your Twitter account, or the general effect on your Twitter investment (up $0.15 aftermarket regardless of the news, if you’re wondering) but what the general overall effect on Bitcoin and cryptocurrency will be.

Adequate speculation requires a wider view of the problem, because it’s far wider-ranging than Elon Musk’s Twitter account getting hacked and used for some ham-fisted phishing scheme designed to clobber the gullible.

Tools of the trade

The crypto-space is a lawless frontier where the wild run free, and the gullible get fleeced. Your investment is only as safe as you are educated, and that education requires a consistent upgrading curve. So we’re going to offer a limited list of the most popular methods hackers use to fleece you out of your cryptocurrency.

SIM Swapping

We’ve written about SIM Swapping before, but it bears repeating.

It’s when someone hijacks your SIM card, or rather your phone number. It’s also called SIM-jacking, unsurprisingly.

When you’re SIM swapped, you can’t get alerts on your phone because your number’s been switched to the hacker’s SIM. You no longer have working voice, email or SMS service, and neither end-users nor IT staff are aware of any unusual transfers until the thieves are long gone. Odds are good, if the hackers know what they’re doing, that your bank account and anything protected by SMS-based two-factor authentication has been compromised, and any crypto you have has already been moved to a new wallet and on to an off-shore exchange.

Phishing

Phishing comes in a few different varieties, actually. There’s the seemingly innocuous e-mail attachment variety of phishing, where Karen from accounting opens up an attachment from her Nigerian Prince lover and infects your entire work network with a hydra. That’s the most common and the most annoying.

Less common, and scarier than annoying, are the sextortion scams. Ever check your junkmail and see the various offers for a new smartphone and other such bullshit? It seems obvious that these are scams and the links themselves are suspect, but they are sent out in brute-force waves—by the thousands—in the hope of snaring one or two people. Presumably they get more than that.

These links download files onto your computer, which can remotely turn on your webcam and log your keystrokes. The sextortion scam involves pornhub or some other compromised site, in which your camera turns on and records you doing your thing, and then uploads it back to a server. The next day you discover a badly written e-mail in your account indicating that they know what you did, and if you want to avoid the shame of exposure, you’ll have to pay up in Bitcoin.

But it’s not just individuals who suffer the depredations of these criminals, either.

The world’s largest cryptocurrency exchange is Binance, and it’s no stranger to hacks. In May of last year, it lost more than $40 million in crypto assets from a sophisticated cyberattack using a mix of phishing, viruses and other methods of attack.

Dark Web

The other half of the equation is what the Bitcoin (and altcoins) are being used for, and where they’re being used.

Research completed by the blockchain analytics company, CipherTrace, indicates that Bitcoin is the coin of choice for buying and selling illegal drugs, weapons, and cyber and banking credentials, and used in 76% of dark market transactions versus 7% for Ethereum Classic (ETC).

Believe it or not, that’s decently good news. So when bandits make off with your bitcoin, whether because they’ve caught you in a compromising position or otherwise, it can be tracked, and there’s a publicly traded company involved in forensic analysis of a number of different blockchains.

In fact, at the time of writing it’s three days after the hack, and Bigg Digital Assets (BIGG.C), the owner of Blockchain Intelligence Group, may already have a lead on where the money went. We’ll get to them in a bit.

First, we need to talk about what’s in store.

Regulations

They’re coming and it’s not a case of big bad control crazy government coming for your crypto. Instead, it’s more like putting limitations on how you can play with your toys because you can’t play nice with others.

Governments have a tendency to use mallets to solve problems when what’s required is a scalpel. It may solve the principal problem, but ultimately it may just further harm the patient by causing more problems. Take, for example, the decision of the Financial Action Task Force, an intergovernmental organization based in Paris, France, which created a new travel restriction that requires transactions between exchanges to include personal information about the sender and receiver of funds, similar to international bank wire and SWIFT transfers.

On the surface that’s an excellent idea. It makes it easier to track and trace transactions as they bounce from wallet to wallet by attaching a name to a wallet address. If you dig down, it represents a distinct loss of privacy and an increased amount of surveillance. It also solves little, as unregistered exchanges can be built, funded and operational within a weekend by a sufficiently motivated team. And nothing motivates better than greed.

Then there’s the Secret Service, which in May awarded a four-year $183,750 contract to Coinbase to use their Coinbase Analytics blockchain analytics software.

Lastly, we return to Bigg Digital Assets and their subsidiary Blockchain Intelligence Group, which is a leading developer of blockchain technology search, risk-scoring and data analytics solutions. They ascertained that some of the funds taken in the Twitter-scam earlier this week were transferred to an address potentially linked to the hack, split and then sent to a few different “know your customer” (KYC) regulated exchanges.

That makes them locatable. If any of those exchanges are within Canada, the United States, or any other country likely to cooperate, then it may be possible to track not only the coins but the thieves themselves. For example, approximately $13K were traced to the Luno Exchange in the UK, while a smaller amount went to an exchange in India. Other splits included an original amount of USD$7,007, split nearly evenly over two wallets, and a third transaction valued at USD$10 that went to an address possibly held by Binance.

These denominations may not necessarily be huge, but they do represent a trail to follow and offer serious future potential to reveal the identity of the hackers.
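As an added illustration of the kind of tracing described above (example code written for this page, not Blockchain Intelligence Group’s software), here is a small breadth-first trace over a constructed ledger. The addresses, amounts and exchange labels are made up, and the code assumes a simple “follow every output” model that does not apportion taint when clean funds mix in at an intermediate hop.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data). Each entry is one output of a
# transaction: (txid, from_address, to_address, amount_btc). Address names are
# placeholders; "scam_addr" stands in for the address the scam tweets advertised.
LEDGER = [
    ("tx1", "victim_a", "scam_addr", 0.40),
    ("tx1", "victim_b", "scam_addr", 0.25),
    ("tx2", "scam_addr", "hop_1", 0.65),          # consolidated, then split
    ("tx3", "hop_1", "exchange_uk_deposit", 0.30),
    ("tx3", "hop_1", "hop_2", 0.35),
    ("tx4", "hop_2", "exchange_in_deposit", 0.05),
    ("tx4", "hop_2", "split_a", 0.15),
    ("tx4", "hop_2", "split_b", 0.15),            # still sitting unspent
    ("tx5", "split_a", "exchange_x_deposit", 0.15),
    ("tx6", "unrelated", "exchange_uk_deposit", 2.00),  # noise: not reachable
]

# Constructed attribution list: deposit addresses believed (e.g. from exchange
# deposit patterns or disclosures) to belong to KYC-regulated exchanges.
KNOWN_EXCHANGES = {
    "exchange_uk_deposit": "KYC exchange (UK)",
    "exchange_in_deposit": "KYC exchange (India)",
    "exchange_x_deposit": "KYC exchange (unattributed)",
}


def build_graph(ledger):
    """Adjacency list: address -> [(to_address, amount, txid), ...]."""
    graph = defaultdict(list)
    for txid, src, dst, amt in ledger:
        graph[src].append((dst, amt, txid))
    return graph


def trace_to_exchanges(ledger, origin, known):
    """Follow every output reachable from `origin` until it lands on a known
    exchange address. Returns (btc per exchange, first hop path per exchange).
    Naive: counts the full value of each edge and stops at the first labelled
    address, since a KYC exchange is where a subpoena can attach a name."""
    graph = build_graph(ledger)
    reached, paths, seen = defaultdict(float), {}, {origin}
    queue = deque([(origin, [origin])])
    while queue:
        addr, path = queue.popleft()
        for dst, amt, _txid in graph.get(addr, []):
            if dst in known:
                reached[known[dst]] += amt
                paths.setdefault(known[dst], path + [dst])
            elif dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [dst]))
    return dict(reached), paths
```

Running `trace_to_exchanges(LEDGER, "scam_addr", KNOWN_EXCHANGES)` attributes 0.30 BTC to the UK exchange via `scam_addr -> hop_1 -> exchange_uk_deposit`, while the 2.00 BTC from the unrelated address is correctly ignored because it is never reachable from the scam address.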

You know what that means?

Hackers are running out of hiding places.

In the interim, there are some serious questions lingering over what Dorsey is going to do about his shaky security. Should be fun to watch the fallout.

—Joseph Morton
